This page shows the differences between two versions.
lpi2:pam-ldap [2013/06/28 12:37] |
lpi2:pam-ldap [2013/06/28 12:37] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Konfiguration OpenLDAP Server ====== | ||
+ | Serverseitig wird die selbe Konfiguration benötigt wie bei [[nss-ldap]] | ||
+ | |||
+ | ====== pam_ldap Client ====== | ||
+ | ===== Benötigte Pakete ===== | ||
+ | Debian: | ||
+ | libpam-ldap | ||
+ | |||
+ | SuSE: | ||
+ | pam_ldap | ||
+ | |||
+ | RedHat: | ||
+ | nss_ldap | ||
+ | |||
+ | ===== Minimalkonfiguration ===== | ||
+ | |||
+ | Einstellungen über debconf bei Debian: | ||
+ | <code bash> | ||
+ | debconf-set-selections <<DEBCONF | ||
+ | libpam-ldap libpam-ldap/rootbindpw password | ||
+ | # Local crypt to use when changing passwords. | ||
+ | libpam-ldap libpam-ldap/pam_password select crypt | ||
+ | # Root login account | ||
+ | libpam-ldap libpam-ldap/rootbinddn string cn=admin,dc=villa,dc=local | ||
+ | # Make local root Database admin. | ||
+ | libpam-ldap libpam-ldap/dbrootlogin boolean true | ||
+ | DEBCONF | ||
+ | </code> | ||
+ | |||
+ | ''/etc/pam_ldap.conf'' (Debian) | ||
+ | |||
+ | ''/etc/ldap.conf'' (SuSE und Centos): | ||
+ | <file> | ||
+ | host ldap1.villa.local | ||
+ | base dc=villa,dc=local | ||
+ | ldap_version 3 | ||
+ | </file> | ||
+ | |||
+ | Das Programm ''login'' zum Testen gegen LDAP authentifizieren: | ||
+ | |||
+ | ''/etc/pam.d/login'': (SuSE 12.3 ((alternativ mit ''pam-config'' )) & Debian (( ab debian 6.0 wird die PAM-Konfiguration mit ''pam-auth-update'' erzeugt ))) | ||
+ | <file> | ||
+ | auth sufficient pam_unix.so nullok | ||
+ | auth requisite pam_ldap.so use_first_pass | ||
+ | |||
+ | account sufficient pam_unix.so | ||
+ | account requisite pam_ldap.so | ||
+ | |||
+ | session requisite pam_unix.so | ||
+ | </file> | ||
+ | |||
+ | ''/etc/pam.d/login'': (SuSE ((openSuSE 10.3, SLES 11 : alternativ mit ''pam-config'' )) & Centos ((alternativ mit ''system-config-auth'')) ) | ||
+ | <file> | ||
+ | auth sufficient pam_unix2.so nullok | ||
+ | auth requisite pam_ldap.so use_first_pass | ||
+ | |||
+ | account sufficient pam_unix2.so | ||
+ | account requisite pam_ldap.so | ||
+ | |||
+ | session requisite pam_unix2.so | ||
+ | </file> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== Testen ==== | ||
+ | |||
+ | login | ||
+ | |||
+ | ====== Dokus & Links ====== | ||
+ | * http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html | ||
+ | * http://etutorials.org/Server+Administration/ldap+system+administration/Part+II+Application+Integration/Chapter+6.+Replacing+NIS/6.7+Authorization+Through+PAM/ | ||
+ | * Offline Anmeldung: https://help.ubuntu.com/community/PamCcredsHowto |
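Review bot: The minimal `/etc/pam_ldap.conf` / `/etc/ldap.conf` block sets only `host`, `base` and `ldap_version 3`, so pam_ldap does its simple bind over plain LDAP and the password typed at `login` crosses the network unencrypted. Suggest adding `ssl start_tls` (or an `ldaps://` `uri`) together with `tls_checkpeer yes` and a `tls_cacertfile` entry, and stating that the server set up under [[nss-ldap]] has to offer TLS for this. Separately, `nullok` on the `auth sufficient pam_unix.so` / `pam_unix2.so` lines accepts local accounts with an empty password, and because that line is `sufficient` the LDAP check is never reached for them; drop `nullok` unless empty local passwords are intended, and say so on the page if they are.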