Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze (visualizza wikitesto)

Versione delle 23:28, 31 ott 2011

1 570 byte rimossi , 31 ott 2011

→‎Installazione di libpam-ldap

Ferdybassi

Burocrati, Amministratori

4 069

contributi

@@ Riga 1 309: / Riga 1 309: @@
 nss_base_group ou=Groups,dc=dominio,dc=local?one
 </pre>
-Ora è necessario andare a modificare i quattro files che gestiscono la configurazione di pam per LDAP in modo che il loro contenuto sia:<br/><br/>
+=== Sicurezza del server: configurazione di Pam ===
+Il metodo migliore per evitare che gli utenti indiscriminatamente si logghino sul server è configurare correttamente ''PAM''. Andiamo quindi a modificare i quattro files che gestiscono la configurazione di ''pam'' per LDAP in modo che il loro contenuto sia:<br/><br/>
 '''/etc/pam.d/common-account'''<br/>
 <pre>
-#
 #/etc/pam.d/common-account - authorization settings common to all services
-##
-This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system. The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-#account required pam_unix.so
 account sufficient pam_ldap.so
-account required pam_unix.so try_first_pass
+account required pam_unix.so
 </pre>
 <br/>
 '''/etc/pam.d/common-auth'''<br/>
 <pre>
-#
 # /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
-# traditional Unix authentication mechanisms.
-#
-#auth required pam_unix.so nullok_secure
-#auth [success=1 default=ignore] pam_unix.so
-#auth required pam_ldap.so use_first_pass
 auth sufficient pam_ldap.so
 auth required pam_unix.so nullok_secure use_first_pass
@@ Riga 1 346: / Riga 1 328: @@
 <pre>
 # /etc/pam.d/common-password - password-related modules common to all services
-##
+password sufficient pam_ldap.so md5
-This file is included from other service-specific PAM config files,
+password required pam_unix.so nullok obscure md5
-# and should contain a list of modules that define the services to be
-#used to change user passwords. The default is pam_unix
-# The "nullok" option allows users to change an empty password, else
-# empty passwords are treated as locked accounts.
-#
-# (Add `md5' after the module name to enable MD5 passwords)
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs. Also the "min" and "max" options enforce the length of the
-# new password.
-#password required pam_unix.so nullok obscure min=4 max=8 md5
-# Alternate strength checking for password. Note that this
-# requires the libpam-cracklib package to be installed.
-# You will need to comment out the password line above and
-# uncomment the next two in order to use this.
-# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
-#
-# password required pam_cracklib.so retry=3 minlen=6 difok=3
-# password required pam_unix.so use_authtok nullok md5
-password sufficient pam_ldap.so
-password required pam_unix.so nullok obscure md5 use_first_pass
 </pre>
 <br/>
 '''/etc/pam.d/common-session'''<br/>
 <pre>
+session required pam_mkhomedir.so skel=/etc/skel
 session    sufficient      pam_ldap.so
 session    required        pam_unix.so

Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze (visualizza wikitesto)

Versione delle 23:28, 31 ott 2011

Menu di navigazione

Ricerca