Authentication via LDAP and Kerberos in FreeBSD 10
This guide is under development.
Install the following:
Choose to link against Heimdal Kerberos.
Edit /etc/krb5.conf:
    [libdefaults]
        default_realm = EXAMPLE.COM

    [realms]
        EXAMPLE.COM = {
            kdc = kdc.example.com
            admin_server = kdc.example.com
            default_domain = example.com
        }

    [domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM
Create and copy an /etc/krb5.keytab file.
Edit the following /etc/pam.d files and lines:
    ftp:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    ftp:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    ftpd:auth sufficient /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    ftpd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    other:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    other:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    sshd:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    sshd:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    sshd:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    system:auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
    system:account required /usr/local/lib/security/pam_krb5.so minimum_uid=5000
    system:password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass minimum_uid=5000
Deselect pam_ldap support.
Edit /usr/local/etc/nslcd.conf:
    uid nslcd
    gid nslcd
    uri ldap://ns1.example.com/
    base dc=example,dc=com
    ssl start_tls
    tls_cacertfile /etc/ssl/cert.pem
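A post-edit check for the PAM and nslcd.conf settings above, as an added example that is not part of the original guide. The function names and the sample files are constructed for illustration; tls_reqcert is an nslcd.conf option the guide does not set.

```shell
# check_pam_krb5 DIR FILE...: each PAM file needs an "auth" and an "account"
# line that loads pam_krb5.so with a minimum_uid option.
check_pam_krb5() {
    dir=$1; shift; rc=0
    for f in "$@"; do
        for fac in auth account; do
            awk -v fac="$fac" '
                $1 == fac && $3 ~ /pam_krb5\.so$/ {
                    for (i = 4; i <= NF; i++)
                        if ($i ~ /^minimum_uid=[0-9]+$/) ok = 1
                }
                END { exit !ok }' "$dir/$f" 2>/dev/null ||
                { echo "MISSING $f: $fac pam_krb5.so minimum_uid=N"; rc=1; }
        done
    done
    return $rc
}

# check_nslcd_tls FILE: an ldap:// uri must be paired with "ssl start_tls",
# and a CA file must be set so the server certificate can be verified.
check_nslcd_tls() {
    rc=0
    if grep -Eq '^[[:space:]]*uri[[:space:]]+ldap://' "$1" &&
       ! grep -Eq '^[[:space:]]*ssl[[:space:]]+start_tls' "$1"; then
        echo "WEAK: ldap:// uri without ssl start_tls"; rc=1
    fi
    grep -Eq '^[[:space:]]*tls_cacertfile[[:space:]]+/' "$1" ||
        { echo "WEAK: tls_cacertfile not set"; rc=1; }
    # tls_reqcert is not set in this guide; never/allow would disable the check.
    if grep -Eq '^[[:space:]]*tls_reqcert[[:space:]]+(never|allow)' "$1"; then
        echo "WEAK: tls_reqcert accepts unverified certificates"; rc=1
    fi
    return $rc
}

# make_sample DIR: constructed sample files mirroring the guide's settings.
make_sample() {
    mkdir -p "$1/pam.d"
    k=/usr/local/lib/security/pam_krb5.so
    printf 'auth sufficient %s try_first_pass minimum_uid=5000\naccount required %s minimum_uid=5000\n' "$k" "$k" > "$1/pam.d/sshd"
    printf 'auth required pam_unix.so\n' > "$1/pam.d/ftpd"   # deliberately incomplete
    printf 'uri ldap://ns1.example.com/\nbase dc=example,dc=com\nssl start_tls\ntls_cacertfile /etc/ssl/cert.pem\n' > "$1/nslcd.conf"
}

# Demo on the constructed sample; on a real host pass /etc/pam.d and /usr/local/etc/nslcd.conf.
tmp=$(mktemp -d) && make_sample "$tmp"
check_pam_krb5 "$tmp/pam.d" sshd ftpd || echo "PAM check failed (expected for ftpd)"
check_nslcd_tls "$tmp/nslcd.conf" && echo "nslcd TLS settings OK"
rm -rf "$tmp"
```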