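PAM LDAP User Authentication on Linux Redhat 5 and Solaris 10
Every system needs to authenticate and authorize its users. Centralized user management requires only one copy of the user information, which simplifies administration. PAM allows different authentication back ends, such as RADIUS and LDAP, to be configured dynamically.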
PAM LDAP on Linux Redhat5
1 Configure OpenLDAP
OpenLDAP is installed under /usr/local/. The LDAP server configuration file is /usr/local/etc/openldap/slapd.conf; it includes the following settings, which should be modified according to the specific context.
# access control
# NOTE: this rule lets every client, including anonymous binds, read every attribute (userPassword included)
access to * by * read
database bdb
suffix "dc=cisco,dc=com"
rootdn "cn=root,dc=cisco,dc=com"
# rootpw is given here in cleartext; slapd also accepts a hashed value generated by slappasswd
rootpw Crdc%123
# if logging is needed, also add "local4.* /var/log/ldap/ldap.log" to /etc/syslog.conf
loglevel any
The LDAP client configuration file is etc/openldap/ldap.conf.
Then start the LDAP server:
# /usr/local/libexec/slapd
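As an added example (not code from the original article or from the OpenLDAP project), the following Python script parses slapd.conf-style text and flags the two settings in the configuration above that expose credentials: a cleartext rootpw and an ACL that lets broad groups read userPassword. It assumes ACLs written in the plain "access to <what> by <who> <level>" form and treats the file as one ordered rule list; HARDENED_CONF is a constructed layout whose hash is a placeholder to be replaced with slappasswd output.

```python
import re
# Constructed sample: directives taken from the article's slapd.conf.
ARTICLE_CONF = """\
#access control
access to * by * read
rootpw Crdc%123
"""
# Constructed sample: password rule first, hashed rootpw (placeholder value).
HARDENED_CONF = """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to * by users read
rootpw {SSHA}PLACEHOLDER_FROM_SLAPPASSWD
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if not l.startswith("#")]

def audit(text):
    """Flag a cleartext rootpw and broad read access to userPassword."""
    findings, pw_rule_seen = [], False
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == "rootpw" and len(words) > 1 and not re.match(r"\{\w+\}", words[1]):
            findings.append("rootpw is stored in cleartext")
        if key != "access" or len(words) < 3 or pw_rule_seen:
            continue
        what, *clauses = re.split(r"\s+by\s+", line.split(None, 2)[2])
        # slapd applies only the first rule whose <what> matches the attribute.
        if what != "*" and "userpassword" not in what.lower():
            continue
        pw_rule_seen = True
        for clause in clauses:
            who, level = (clause.split() + ["", ""])[:2]
            if who in ("*", "users", "anonymous") and level in ("read", "write", "manage"):
                findings.append(f"userPassword exposed: by {who} {level}")
    return findings
```

Calling audit(ARTICLE_CONF) reports both findings, while audit(HARDENED_CONF) returns an empty list because the userPassword rule is matched first and grants anonymous clients only auth.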
2 Import user accounts
Create an LDIF file containing all the user account information. One binding user is required to send the bind request to LDAP before authentication starts.
users.ldif:
dn: uid=testbind,dc=cisco,dc=com
uid: testbind
cn: testbind
sn: testbind
userPassword: testbind
uidNumber: 1104
gidNumber: 1100
homeDirectory: /home/testbind
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount

dn: uid=test,dc=cisco,dc=com
uid: test
cn: test
sn: test
userPassword: test
uidNumber: 1105
gidNumber: 1100
homeDirectory: /home/test
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
….
Use the following commands to add, search for, and delete user accounts:
# ldapadd -x -D "cn=root,dc=cisco,dc=com" -W -f users.ldif
# ldapsearch -x -D "cn=root,dc=cisco,dc=com" -W -b "uid=test,dc=cisco,dc=com"
# ldapdelete -x -D "cn=root,dc=cisco,dc=com" -W "ou=people,dc=cisco,dc=com"