Differences
Below are the differences between two revisions of the page.
tuto:ipasserelle:authentification:debian_sssd_on_sme [22/06/2012 14:38] dani [pam] |
tuto:ipasserelle:authentification:debian_sssd_on_sme [21/10/2015 17:30] (current version) heuzef [sssd] |
||
---|---|---|---|
Ligne 8: | Ligne 8: | ||
- | <code bash> | + | <code bash> |
</ | </ | ||
Ligne 18: | Ligne 18: | ||
- | Éditez le fichier de configuration **/ | + | Éditez le fichier de configuration **/ |
<code bash> | <code bash> | ||
id_provider = ldap | id_provider = ldap | ||
Ligne 33: | Ligne 33: | ||
ldap_user_gecos = cn | ldap_user_gecos = cn | ||
ldap_tls_reqcert = hard | ldap_tls_reqcert = hard | ||
- | ldap_tls_cacert = / | + | ldap_tls_cacert = / |
ldap_id_use_start_tls = true | ldap_id_use_start_tls = true | ||
# à dé-commenter si votre serveur SME est une iPasserelle | # à dé-commenter si votre serveur SME est une iPasserelle | ||
Ligne 48: | Ligne 48: | ||
- | Il faut aussi s' | + | Il faut aussi s' |
Ligne 61: | Ligne 61: | ||
shadow: | shadow: | ||
</ | </ | ||
+ | |||
==== pam ==== | ==== pam ==== | ||
- | <code bash> | + | <code bash>cd /etc/pam.d |
- | cd /etc/pam.d | + | |
cp -a common-account common-account.orig | cp -a common-account common-account.orig | ||
cat <<' | cat <<' | ||
Ligne 72: | Ligne 72: | ||
# / | # / | ||
# | # | ||
- | # This file is included from other service-specific PAM config files, | + | |
- | # and should contain a list of the authorization modules that define | + | |
- | # the central access policy for use on the system. | + | |
- | # only deny service to users whose accounts are expired in / | + | |
- | # | + | |
- | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | + | |
- | # To take advantage of this, it is recommended that you configure any | + | |
- | # local modules either before or after the default block, and use | + | |
- | # pam-auth-update to manage selection of other modules. | + | |
- | # pam-auth-update(8) for details. | + | |
- | # | + | |
- | + | ||
- | + | ||
- | # here are the per-package modules (the " | + | |
account [success=1 new_authtok_reqd=done default=ignore] | account [success=1 new_authtok_reqd=done default=ignore] | ||
# here's the fallback if no module succeeds | # here's the fallback if no module succeeds | ||
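Review bot: The removed header comments in the common-account heredoc included the line "As of pam 1.0.1-6, this file is managed by pam-auth-update by default", and with it gone nothing tells the reader that the file being overwritten is one pam-auth-update also manages. Keep a one-line comment at the top of the heredoc saying the file was edited by hand for sssd, so that a later pam-auth-update run on the machine is not a surprise. The same applies to the common-auth, common-password and common-session heredocs trimmed further down.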
Ligne 94: | Ligne 82: | ||
account required | account required | ||
# and here are more per-package modules (the " | # and here are more per-package modules (the " | ||
+ | session optional | ||
account [default=bad success=ok user_unknown=ignore] | account [default=bad success=ok user_unknown=ignore] | ||
- | # end of pam-auth-update config | ||
EOF | EOF | ||
cp -a common-auth common-auth.orig | cp -a common-auth common-auth.orig | ||
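Review bot: The added "session optional" entry (the "+" line between the two "account" entries) sits inside the heredoc that follows "cp -a common-account common-account.orig", so a session-type rule ends up in the account file. This revision also writes common-session further down; move the entry into that heredoc so that each file only carries rules of its own type.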
Ligne 102: | Ligne 90: | ||
# / | # / | ||
# | # | ||
- | # This file is included from other service-specific PAM config files, | + | |
- | # and should contain a list of the authentication modules that define | + | |
- | # the central authentication scheme for use on the system | + | |
- | # (e.g., / | + | |
- | # traditional Unix authentication mechanisms. | + | |
- | # | + | |
- | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | + | |
- | # To take advantage of this, it is recommended that you configure any | + | |
- | # local modules either before or after the default block, and use | + | |
- | # pam-auth-update to manage selection of other modules. | + | |
- | # pam-auth-update(8) for details. | + | |
- | + | ||
# here are the per-package modules (the " | # here are the per-package modules (the " | ||
auth [success=2 default=ignore] | auth [success=2 default=ignore] | ||
Ligne 125: | Ligne 101: | ||
auth required | auth required | ||
# and here are more per-package modules (the " | # and here are more per-package modules (the " | ||
- | # end of pam-auth-update config | ||
EOF | EOF | ||
cp -a common-password common-password.orig | cp -a common-password common-password.orig | ||
Ligne 131: | Ligne 106: | ||
# | # | ||
# / | # / | ||
- | # | + | |
- | # This file is included from other service-specific PAM config files, | + | |
- | # and should contain a list of modules that define the services to be | + | |
- | # used to change user passwords. | + | |
- | + | ||
- | + | ||
- | # Explanation of pam_unix options: | + | |
- | # | + | |
- | # The " | + | |
- | # the default is Unix crypt. | + | |
- | # | + | |
- | # The " | + | |
- | # login.defs. | + | |
- | # | + | |
- | # See the pam_unix manpage for other options. | + | |
- | + | ||
- | + | ||
- | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | + | |
- | # To take advantage of this, it is recommended that you configure any | + | |
- | # local modules either before or after the default block, and use | + | |
- | # pam-auth-update to manage selection of other modules. | + | |
- | # pam-auth-update(8) for details. | + | |
- | + | ||
# here are the per-package modules (the " | # here are the per-package modules (the " | ||
- | password | + | password |
- | password | + | password |
# here's the fallback if no module succeeds | # here's the fallback if no module succeeds | ||
password | password | ||
Ligne 165: | Ligne 118: | ||
password | password | ||
# and here are more per-package modules (the " | # and here are more per-package modules (the " | ||
- | # end of pam-auth-update config | + | |
- | cp -a comomn-session common-session.orig | + | |
+ | EOF | ||
+ | cp -a common-session common-session.orig | ||
+ | cat <<' | ||
# | # | ||
# / | # / | ||
- | # | + | # |
- | # This file is included from other service-specific PAM config files, | + | |
- | # and should contain a list of modules that define tasks to be performed | + | |
- | # at the start and end of sessions of *any* kind (both interactive and | + | |
- | # non-interactive). | + | |
- | # | + | |
- | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | + | |
- | # To take advantage of this, it is recommended that you configure any | + | |
- | # local modules either before or after the default block, and use | + | |
- | # pam-auth-update to manage selection of other modules. | + | |
- | # pam-auth-update(8) for details. | + | |
- | + | ||
# here are the per-package modules (the " | # here are the per-package modules (the " | ||
- | session [default=1] | + | session [default=1] |
# here's the fallback if no module succeeds | # here's the fallback if no module succeeds | ||
- | session requisite | + | session requisite |
# prime the stack with a positive return value if there isn't one already; | # prime the stack with a positive return value if there isn't one already; | ||
# this avoids us returning an error just because nothing sets a success code | # this avoids us returning an error just because nothing sets a success code | ||
# since the modules above will each just jump around | # since the modules above will each just jump around | ||
- | session required | + | session required |
# and here are more per-package modules (the " | # and here are more per-package modules (the " | ||
session optional | session optional | ||
- | session optional | + | session optional |
- | session required | + | session required |
- | # end of pam-auth-update config | + | |
+ | |||
EOF | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Activation au démarrage ==== | ||
+ | <code bash> | ||
+ | update-rc.d sssd enable | ||
+ | / | ||
</ | </ | ||
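Review bot: In the corrected "cp -a common-session common-session.orig" line (and the matching backup lines for the other three files), running the procedure a second time overwrites the .orig copy with the already modified file, so the pristine Debian version is lost. Suggest guarding the copy, for example "[ -e common-session.orig ] || cp -a common-session common-session.orig", or stating that the block must only be run once.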