zoukankan      html  css  js  c++  java
  • Centos7 Ldap 客户端

    【nslcd】
    [root@vlx ~]# vim /etc/pam.d/system-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_faildelay.so delay=2000000
    auth        sufficient    pam_fprintd.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
    auth        sufficient    pam_ldap.so use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 1000 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account     required      pam_permit.so
    
    password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_ldap.so use_authtok
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    -session     optional      pam_systemd.so
    session     optional      pam_mkhomedir.so umask=0077  #ssh 登录自动创建家目录
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_ldap.so
    
    [root@master-1 ~]# vim /etc/pam.d/password-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_faildelay.so delay=2000000
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
    auth        sufficient    pam_ldap.so use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 1000 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account     required      pam_permit.so
    
    password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_ldap.so use_authtok
    
    
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    -session     optional      pam_systemd.so
    session     optional      pam_mkhomedir.so umask=0077  #su 自动创建家目录
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_ldap.so
    
    8、限制主机登录用户
    
    [root@localhost ~]# vim /etc/nslcd.conf
    #在文件末尾添加下述命令语句,此语句表示仅匹配gidNumber为50896的用户进行登录认证
    filter passwd (gidNumber=50896)
    [root@localhost ~]# systemctl restart nslcd
    
    作者:小尛酒窝
    链接:https://www.jianshu.com/p/af295531eaf6
    来源:简书
    简书著作权归作者所有,任何形式的转载都请联系作者获得授权并注明出处。
    
    【SSSD】
    [root@vlxclbt1 ~]# vim password-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_faildelay.so delay=2000000
    auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
    auth        [default=1 ignore=ignore success=ok] pam_localuser.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
    auth        sufficient    pam_sss.so forward_pass
    auth        sufficient    pam_ldap.so use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 1000 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_sss.so
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account     required      pam_permit.so
    
    password    requisite     pam_pwquality.so try_first_pass retry=5 minlen=8 lcredit=-1 dcredit=-1 ocredit=-1 enforce_for_root  remember=5
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_sss.so use_authtok
    password    sufficient    pam_ldap.so use_authtok
    
    
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    -session     optional      pam_systemd.so
    session     optional      pam_oddjob_mkhomedir.so umask=0077
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_sss.so
    session     optional      pam_ldap.so
    
    
    [root@vlxs ~]# vim system-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_faildelay.so delay=2000000
    auth        sufficient    pam_fprintd.so
    auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
    auth        [default=1 ignore=ignore success=ok] pam_localuser.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
    auth        sufficient    pam_sss.so forward_pass
    auth        sufficient    pam_ldap.so use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 1000 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_sss.so
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account     required      pam_permit.so
    
    password    requisite     pam_pwquality.so try_first_pass retry=5 minlen=8 lcredit=-1 dcredit=-1 ocredit=-1 enforce_for_root  remember=5
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_sss.so use_authtok
    password    sufficient    pam_ldap.so use_authtok
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    -session     optional      pam_systemd.so
    session     optional      pam_oddjob_mkhomedir.so umask=0077
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_sss.so
    session     optional      pam_ldap.so
  • 相关阅读:
    cae when分组统计
    查看 Chrome 下载的文件的真实下载地址
    directory opus使用教程
    文件内容极速搜索工具: silversearcher-ag
    LINUX SHELL 变量的二次引用
    JS小练习
    jQuery
    JS-BOM对象
    JS-DOM对象
    JavaScript-基础知识
  • 原文地址:https://www.cnblogs.com/lingfenglian/p/12768350.html
Copyright © 2011-2022 走看看