澳门威利斯人_威利斯人娱乐「手机版」

来自 澳门威利斯人 2019-10-06 11:16 的文章
当前位置: 澳门威利斯人 > 澳门威利斯人 > 正文

威尼斯人博彩ldap实现Linux登录账号统一管理,l

account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

pam 认证
cp /etc/pam_ldap.conf /etc/pam_ldap.conf.old
sed 's/^host/#&/g' /etc/pam_ldap.conf
sed 's/^base/#&/g' /etc/pam_ldap.conf
cat >> /etc/pam_ldap.conf<<EOF
host=192.168.85.129
base dc=dev,dc=com
uri ldap://dev.com
EOF

修改文件/etc/pam.d/system-auth

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

配置openLDAP-client
cp /etc/nsswitch.conf /etc/nsswitch.conf.old

#让 NSS 服务使用 OpenLDAP 服务器
sed -i '/^passwd:.*$/s//&  ldap/g' /etc/nsswitch.conf
sed -i '/^shadow:.*$/s//&  ldap/g' /etc/nsswitch.conf
sed -i '/^group:.*$/s//&  ldap/g' /etc/nsswitch.conf


#配置ldapclient 配置文件
cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.old
cat >> /etc/openldap/ldap.conf <<EOF
host 192.168.85.129
BASE dc=dev,dec=com
URI ldap://dev.com ldap://dev.com:389
ssl off
EOF

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#auth required pam_env.so
#auth sufficient pam_unix.so nullok try_first_pass
#auth requisite pam_succeed_if.so uid >= 500 quiet
#auth required pam_deny.so
#
auth required pam_env.so
auth required pam_tally.so onerr=fail per_user deny=3 unlock_time=60
auth sufficient pam_unix.so try_first_pass
auth required pam_deny.so
#
#account required pam_unix.so
#account sufficient pam_succeed_if.so uid < 500 quiet
#account required pam_permit.so
account required pam_tally.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
#
#password requisite pam_cracklib.so try_first_pass retry=3 lcredit=-2 ucredit=-2 dcredit=-2 ocredit=-2
#password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=5
#password required pam_deny.so
password requisite pam_cracklib.so minlen=7 ucredit=-2 lcredit=-1 dcredit=-1 ocredit=-2 retry=3
password sufficient pam_unix.so use_authtok md5 shadow remember=5
password required pam_deny.so
#
#session optional pam_keyinit.so revoke
#session required pam_limits.so
#session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
#session required pam_unix.so
##Set account retries to three for GEN000460
#account required pam_tally.so deny=3 no_magic_root reset
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

  1. 修改 ldap.conf
    那步关键便是 配置体系访谈 ldap 的参数,如 host,base dn,bind dn,bind pw,还会有取 user, pass, group 的过滤器。威尼斯人博彩 1

重启nslcd服务

service nslcd restart

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

软件安装
yum install -y nss-pam-ldapd openldap-clients
  1. 修改 /etc/nsswitch.conf 文件
    passwd: files ldap
    shadow: files ldap
    group: files ldap

  2. 修改 /etc/pam.d/system-auth 文件
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth sufficient pam_ldap.so use_first_pass
    auth required pam_deny.so

This file is auto-generated.

本文由澳门威利斯人发布于澳门威利斯人,转载请注明出处:威尼斯人博彩ldap实现Linux登录账号统一管理,l

关键词: 澳门威利斯人 linux 日常笔记