Autentisering via LDAP och Kerberos i FreeBSD 10

From Peters wiki
Revision as of 18:37, 15 October 2015 by Peter (talk | contribs)
Jump to navigation Jump to search

Denna guide är under utveckling.


Installera följande:

root # portmaster security/pam_krb5

Välj att länka mot Heimdal Kerberos.

Editera /etc/krb5.conf: 

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
	admin_server = kdc.example.com
	default_domain = example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

Skapa och kopiera en /etc/krb5.keytab fil.

Editera följande /etc/pam.d filer och rader: 

ftp:auth		sufficient	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftp:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftpd:auth		sufficient	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
ftpd:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
other:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
other:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
sshd:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
sshd:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
sshd:password	        sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
system:auth		sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
system:account		required	/usr/local/lib/security/pam_krb5.so	minimum_uid=5000
system:password	        sufficient	/usr/local/lib/security/pam_krb5.so	try_first_pass minimum_uid=5000
root # portmaster net/nss-pam-ldapd-sasl

Välj bort pam_ldap stödet. Välj GSSAPI för open-sasl-client.

root # portmaster security/cyrus-sasl2-gssapi

Välj Use Heimdal in base.

Retrieved from "http://www.kerwien.se/index.php?title=Autentisering_via_LDAP_och_Kerberos_i_FreeBSD_10&oldid=3000"