Differences
Below are the differences between two revisions of the page.
tuto:ipasserelle:authentification:debian_sssd_on_sme [22/06/2012 12:15] dani |
tuto:ipasserelle:authentification:debian_sssd_on_sme [21/10/2015 17:30] (current version) heuzef [sssd] |
||
---|---|---|---|
Ligne 8: | Ligne 8: | ||
- | <code bash> | + | <code bash> |
</ | </ | ||
Ligne 18: | Ligne 18: | ||
- | Éditez le fichier de configuration **/ | + | Éditez le fichier de configuration **/ |
<code bash> | <code bash> | ||
id_provider = ldap | id_provider = ldap | ||
Ligne 33: | Ligne 33: | ||
ldap_user_gecos = cn | ldap_user_gecos = cn | ||
ldap_tls_reqcert = hard | ldap_tls_reqcert = hard | ||
- | ldap_tls_cacert = / | + | ldap_tls_cacert = / |
ldap_id_use_start_tls = true | ldap_id_use_start_tls = true | ||
# à dé-commenter si votre serveur SME est une iPasserelle | # à dé-commenter si votre serveur SME est une iPasserelle | ||
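Review bot: The changed `ldap_tls_cacert` line is the only trust anchor named in this block, and with `ldap_tls_reqcert = hard` and `ldap_id_use_start_tls = true` next to it, a CA path that is missing or unreadable on the Debian client makes certificate verification fail for every LDAP connection instead of degrading quietly. The page should say where that CA file comes from and how to confirm it is in place before sssd is restarted; the `hard` setting itself should stay as it is.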
Ligne 48: | Ligne 48: | ||
- | Il faut aussi s' | + | Il faut aussi s' |
Ligne 64: | Ligne 64: | ||
==== pam ==== | ==== pam ==== | ||
+ | |||
+ | |||
+ | <code bash>cd /etc/pam.d | ||
+ | cp -a common-account common-account.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | |||
+ | account [success=1 new_authtok_reqd=done default=ignore] | ||
+ | # here's the fallback if no module succeeds | ||
+ | account requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | account required | ||
+ | # and here are more per-package modules (the " | ||
+ | session optional | ||
+ | account [default=bad success=ok user_unknown=ignore] | ||
+ | EOF | ||
+ | cp -a common-auth common-auth.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | auth [success=2 default=ignore] | ||
+ | auth [success=1 default=ignore] | ||
+ | # here's the fallback if no module succeeds | ||
+ | auth requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | auth required | ||
+ | # and here are more per-package modules (the " | ||
+ | EOF | ||
+ | cp -a common-password common-password.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | |||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | password | ||
+ | password | ||
+ | # here's the fallback if no module succeeds | ||
+ | password | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | password | ||
+ | # and here are more per-package modules (the " | ||
+ | |||
+ | |||
+ | EOF | ||
+ | cp -a common-session common-session.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | session [default=1] | ||
+ | # here's the fallback if no module succeeds | ||
+ | session requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | session required | ||
+ | # and here are more per-package modules (the " | ||
+ | session optional | ||
+ | session optional | ||
+ | session required | ||
+ | |||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Activation au démarrage ==== | ||
+ | <code bash> | ||
+ | update-rc.d sssd enable | ||
+ | / | ||
+ | </ | ||
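Review bot: The four `cp -a common-* common-*.orig` backups in the new pam section are not safe to repeat: if the block is run a second time, each `.orig` copy is taken from whatever is then in place, so the distribution's original PAM stack is lost. Copy only when the `.orig` file does not exist yet (for example with `cp -an`). The `common-account` heredoc also carries a `session optional` line between its `account` entries, which looks misplaced given that the other `session` entries are in the `common-session` heredoc; move it there or state why it belongs in that file. Because these four files gate every login on the machine, the section should tell the reader to keep a root shell open and test a login from a second session before `update-rc.d sssd enable` and the start step are treated as done.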