Authentication via LDAP and Kerberos in FreeBSD 10: Difference between revisions
Revision as of 19:54, 16 October 2015
This guide is under development.
Install the following:
Choose to link against Heimdal Kerberos.
Edit /etc/krb5.conf:
    [libdefaults]
        default_realm = EXAMPLE.COM

    [realms]
        EXAMPLE.COM = {
            kdc = kdc.example.com
            admin_server = kdc.example.com
            default_domain = example.com
        }

    [domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM
Create an /etc/krb5.keytab file and copy it over.
Edit the following /etc/pam.d files and lines:
    other:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    other:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    sshd:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    sshd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    sshd:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    system:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    system:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    system:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
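One way to confirm that the pam_krb5 entries listed above are actually active, as an added example that is not part of the original guide. It reads the list's file:facility notation as "file under the pam.d directory, then the line that file must contain"; the function names are hypothetical, and a commented-out or missing entry is reported as missing.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Checks that the pam_krb5 entries from the guide are active in a pam.d directory.

# Expected entries in the guide's "file:facility control module options" notation.
expected_pam_lines() {
    cat <<'EOF'
other:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
other:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
sshd:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
sshd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
sshd:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
system:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
system:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
system:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
EOF
}

# Strip comments and collapse tabs/spaces so formatting differences do not matter.
normalize() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1"
}

# check_pam_dir DIR: print "MISSING file: line" for every expected entry that is
# absent or commented out in DIR; the return status is the number missing (0 = ok).
check_pam_dir() {
    dir=$1
    missing=0
    while IFS= read -r entry; do
        file=${entry%%:*}    # part before the first colon: file name in pam.d
        want=${entry#*:}     # remainder: the PAM line itself
        if [ -r "$dir/$file" ] && normalize "$dir/$file" | grep -Fxq -- "$want"; then
            continue
        fi
        echo "MISSING $file: $want"
        missing=$((missing + 1))
    done <<EOF
$(expected_pam_lines)
EOF
    return "$missing"
}

# Stand-alone use: sh check_pam.sh /etc/pam.d
if [ $# -gt 0 ]; then
    check_pam_dir "$1"
fi
```
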
Deselect pam_ldap support.
Edit /usr/local/etc/nslcd.conf:
    uid nslcd
    gid nslcd
    uri ldap://ns1.example.com/
    base dc=example,dc=com
    ssl start_tls
    tls_cacertfile /etc/ssl/cert.pem
Edit /etc/nsswitch.conf:
    group: files ldap
    passwd: files ldap