# The ldap-admin account. The appropriate password is in /etc/libnss-ldap.secret. Keep the permissions right.
rootbinddn cn=admin,dc=dominio,dc=local
</pre>
The libpam-ldap package is installed in the same way as the previous one:
<pre>
# apt-get install libpam-ldap
# dpkg-reconfigure libpam-ldap
</pre>
answering the installer's questions as follows:
* LDAP server: 127.0.0.1
* Distinguished name (DN): dc=dominio,dc=local
* LDAP version: 3
* Make local root Database admin: yes
* Does the LDAP database require login: no
* LDAP account for root: cn=admin,dc=dominio,dc=local
* LDAP root password: password
* Local crypt to use when changing passwords: md5
Now edit the four files that control the PAM configuration for LDAP so that they contain the following:<br/><br/>
'''/etc/pam.d/common-account'''<br/>
<pre>
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
#account required pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
</pre>
<br/>
'''/etc/pam.d/common-auth'''<br/>
<pre>
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
#auth required pam_unix.so nullok_secure
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
</pre>
<br/>
'''/etc/pam.d/common-password'''<br/>
<pre>
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords)
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.
#password required pam_unix.so nullok obscure min=4 max=8 md5
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
</pre>
<br/>
'''/etc/pam.d/common-session'''<br/>
<pre>
session sufficient pam_ldap.so
session required pam_unix.so
</pre>
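An added example (not part of the original guide) that parses the active lines of the common-auth and common-password files above, evaluates how the sufficient/required stack resolves for an LDAP user and a local user, and lists the options that weaken it. The function names, the WEAK list and the length thresholds are assumptions of this example, and the evaluator models only the sufficient, required and requisite controls.

```python
import re

# Active and commented lines copied from the page's common-auth and common-password.
COMMON_AUTH = """\
#auth required pam_unix.so nullok_secure
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
"""
COMMON_PASSWORD = """\
#password required pam_unix.so nullok obscure min=4 max=8 md5
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
"""
# Options that weaken the stack (this list is the example's own choice).
WEAK = {"md5": "MD5-crypt hashes", "nullok": "empty passwords allowed",
        "nullok_secure": "empty passwords allowed on secure ttys"}

def parse(text, kind):
    """Return [(control, module, args)] for uncommented lines of one PAM type."""
    stack = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == kind:
            stack.append((f[1], f[2], f[3:]))
    return stack

def evaluate(stack, results):
    """Simplified control flow; results maps module name -> True/False."""
    failed = passed = False
    for control, module, _ in stack:
        ok = results[module]
        if control == "sufficient" and ok and not failed:
            return True  # success here ends the stack immediately
        if control in ("required", "requisite"):
            passed, failed = passed or ok, failed or not ok
            if control == "requisite" and not ok:
                return False
    return passed and not failed

def audit(text, kind):
    """List weak options; the length thresholds are assumed, not from the page."""
    out = []
    for _, module, args in parse(text, kind):
        for a in args:
            m = re.fullmatch(r"(min|max)=(\d+)", a)
            if a in WEAK:
                out.append(f"{module} {a}: {WEAK[a]}")
            elif m and int(m[2]) < (8 if m[1] == "min" else 64):
                out.append(f"{module} {a}: weak password length limit")
    return out

if __name__ == "__main__":
    print(audit(COMMON_AUTH, "auth") + audit(COMMON_PASSWORD, "password"))
```
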
Now restart the daemons: