This page shows the differences between two versions.
| — |
lpi2:pam-ldap [2013/06/28 12:37] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Konfiguration OpenLDAP Server ====== | ||
| + | Serverseitig wird die selbe Konfiguration benötigt wie bei [[nss-ldap]] | ||
| + | |||
| + | ====== pam_ldap Client ====== | ||
| + | ===== Benötigte Pakete ===== | ||
| + | Debian: | ||
| + | libpam-ldap | ||
| + | |||
| + | SuSE: | ||
| + | pam_ldap | ||
| + | |||
| + | RedHat: | ||
| + | nss_ldap | ||
| + | |||
| + | ===== Minimalkonfiguration ===== | ||
| + | |||
| + | Einstellungen über debconf bei Debian: | ||
| + | <code bash> | ||
| + | debconf-set-selections <<DEBCONF | ||
| + | libpam-ldap libpam-ldap/rootbindpw password | ||
| + | # Local crypt to use when changing passwords. | ||
| + | libpam-ldap libpam-ldap/pam_password select crypt | ||
| + | # Root login account | ||
| + | libpam-ldap libpam-ldap/rootbinddn string cn=admin,dc=villa,dc=local | ||
| + | # Make local root Database admin. | ||
| + | libpam-ldap libpam-ldap/dbrootlogin boolean true | ||
| + | DEBCONF | ||
| + | </code> | ||
| + | |||
| + | ''/etc/pam_ldap.conf'' (Debian) | ||
| + | |||
| + | ''/etc/ldap.conf'' (SuSE und Centos): | ||
| + | <file> | ||
| + | host ldap1.villa.local | ||
| + | base dc=villa,dc=local | ||
| + | ldap_version 3 | ||
| + | </file> | ||
| + | |||
| + | Das Programm ''login'' zum Testen gegen LDAP authentifizieren: | ||
| + | |||
| + | ''/etc/pam.d/login'': (SuSE 12.3 ((alternativ mit ''pam-config'' )) & Debian (( ab debian 6.0 wird die PAM-Konfiguration mit ''pam-auth-update'' erzeugt ))) | ||
| + | <file> | ||
| + | auth sufficient pam_unix.so nullok | ||
| + | auth requisite pam_ldap.so use_first_pass | ||
| + | |||
| + | account sufficient pam_unix.so | ||
| + | account requisite pam_ldap.so | ||
| + | |||
| + | session requisite pam_unix.so | ||
| + | </file> | ||
| + | |||
| + | ''/etc/pam.d/login'': (SuSE ((openSuSE 10.3, SLES 11 : alternativ mit ''pam-config'' )) & Centos ((alternativ mit ''system-config-auth'')) ) | ||
| + | <file> | ||
| + | auth sufficient pam_unix2.so nullok | ||
| + | auth requisite pam_ldap.so use_first_pass | ||
| + | |||
| + | account sufficient pam_unix2.so | ||
| + | account requisite pam_ldap.so | ||
| + | |||
| + | session requisite pam_unix2.so | ||
| + | </file> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==== Testen ==== | ||
| + | |||
| + | login | ||
| + | |||
| + | ====== Dokus & Links ====== | ||
| + | * http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html | ||
| + | * http://etutorials.org/Server+Administration/ldap+system+administration/Part+II+Application+Integration/Chapter+6.+Replacing+NIS/6.7+Authorization+Through+PAM/ | ||
| + | * Offline Anmeldung: https://help.ubuntu.com/community/PamCcredsHowto | ||
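Review bot: The example client file (`host ldap1.villa.local`, `base dc=villa,dc=local`, `ldap_version 3`) sets no transport protection, so as written pam_ldap sends each user's bind password to the directory over plain LDAP. Add `ssl start_tls` (or an `ldaps://` `uri`) together with `tls_checkpeer yes` and a `tls_cacertfile` entry to the minimal configuration. In both `/etc/pam.d/login` variants, `account sufficient pam_unix.so` (respectively `pam_unix2.so`) comes before `account requisite pam_ldap.so`, so a success from the local module ends the account stack before pam_ldap's account check runs. The page should either say this is intended for the `login` test only or reorder the two lines. The `nullok` option on the first `auth` line also admits local accounts with an empty password, which deserves a remark in a configuration that readers will copy.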