Openldap posix accounts: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) (→sudo) |
||
| Zeile 1: | Zeile 1: | ||
| + | |||
| + | =ldap pam install= | ||
| + | apt-get install libpam-ldap | ||
| + | =Anpassen der Pam= | ||
| + | ==Die Authentifizierung(installation nimmt einstellung schon vor)== | ||
| + | gawron:/etc/pam.d# cat common-auth | ||
| + | auth sufficient pam_ldap.so | ||
| + | auth required pam_unix.so nullok_secure use_first_pass | ||
| + | ==Das Accounting(installation nimmt einstellung schon vor)== | ||
| + | gawron:/etc/pam.d# cat common-account | ||
| + | account sufficient pam_ldap.so | ||
| + | account required pam_unix.so | ||
| + | ==Passwort änderungen== | ||
| + | gawron:/etc/pam.d# cat common-password | ||
| + | password sufficient pam_ldap.so | ||
| + | password sufficient pam_unix.so | ||
| + | password required pam_deny.so | ||
| + | ==Die Session== | ||
| + | gawron:/etc/pam.d# cat common-session | ||
| + | session required pam_mkhomedir.so skel=/etc/skel umask=0022 | ||
| + | session required pam_unix.so | ||
| + | ==Passwort für den User setzen== | ||
| + | gawron:/etc/pam.d# passwd leroy | ||
| + | New password: | ||
| + | Re-enter new password: | ||
| + | LDAP password information changed for leroy | ||
| + | passwd: password updated successfully | ||
| + | |||
=sudo= | =sudo= | ||
*/etc/pam.d/common-auth | */etc/pam.d/common-auth | ||
Version vom 17. Januar 2018, 15:53 Uhr
ldap pam install
apt-get install libpam-ldap
Anpassen der Pam
Die Authentifizierung(installation nimmt einstellung schon vor)
gawron:/etc/pam.d# cat common-auth auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure use_first_pass
Das Accounting(installation nimmt einstellung schon vor)
gawron:/etc/pam.d# cat common-account account sufficient pam_ldap.so account required pam_unix.so
Passwort änderungen
gawron:/etc/pam.d# cat common-password password sufficient pam_ldap.so password sufficient pam_unix.so password required pam_deny.so
Die Session
gawron:/etc/pam.d# cat common-session session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_unix.so
Passwort für den User setzen
gawron:/etc/pam.d# passwd leroy New password: Re-enter new password: LDAP password information changed for leroy passwd: password updated successfully
sudo
- /etc/pam.d/common-auth
#First entry should be auth required pam_group.so use_first_pass
- /etc/security/group.conf
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video