Authentication via LDAP and Kerberos in FreeBSD 10

From Peters wiki
Revision as of 19:54, 16 October 2015 by Peter

This guide is under development.

Install the following:

root # portmaster security/pam_krb5

Choose to link against Heimdal Kerberos.

Edit /etc/krb5.conf:

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        admin_server = kdc.example.com
        default_domain = example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

Create a keytab for the host and copy it to /etc/krb5.keytab.

Edit the following lines in the listed /etc/pam.d files (the prefix before the colon is the file name):

ftp:auth         sufficient  /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
ftp:account      required    /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
ftpd:auth        sufficient  /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
ftpd:account     required    /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
other:auth       sufficient  /usr/local/lib/security/pam_krb5.so  try_first_pass minimum_uid=5000
other:account    required    /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
sshd:auth        sufficient  /usr/local/lib/security/pam_krb5.so  try_first_pass minimum_uid=5000
sshd:account     required    /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
sshd:password    sufficient  /usr/local/lib/security/pam_krb5.so  try_first_pass minimum_uid=5000
system:auth      sufficient  /usr/local/lib/security/pam_krb5.so  try_first_pass minimum_uid=5000
system:account   required    /usr/local/lib/security/pam_krb5.so  minimum_uid=5000
system:password  sufficient  /usr/local/lib/security/pam_krb5.so  try_first_pass minimum_uid=5000

root # portmaster net/nss-pam-ldapd

Deselect the pam_ldap option (authentication is handled by pam_krb5; only the NSS module is needed).

Edit /usr/local/etc/nslcd.conf:

uid nslcd
gid nslcd
uri ldap://ns1.example.com/
base dc=example,dc=com
ssl start_tls
tls_cacertfile /etc/ssl/cert.pem

Edit /etc/nsswitch.conf:

group: files ldap
passwd: files ldap