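In production, not every operation can be carried out as root, so other user accounts need to be granted permission to run salt.

This example uses the user test: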

useradd test

passwd test        # set the password to test

vim /etc/salt/master


external_auth:          # enable external authentication
  pam:                  # use the PAM external authentication module
    test:               # username to which the following rules apply
      - '*':            # minions to which the user has access
        - test.*        # salt modules to which the user has access
        - cmd.*
        - state.*

Then save and exit.

Restart the salt-master service:

/etc/init.d/salt-master restart


Switch to the test user:

su test

Run a salt command:

salt -T -a pam '*' test.ping


The result looks like this:


salt -T -a pam '*' test.ping

username: test

password:

test-2.3:

   True


As shown above, you are prompted for a username: enter the configured account test, then enter the password test.


If authentication fails when running salt -T -a pam, deleting ~/.salt_token fixes it: rm -rf ~/.salt_token
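
An added example (not from the original post or the Salt project): a small audit of an external_auth block such as the one in /etc/salt/master above, listing grants that amount to arbitrary command execution on the matched minions. MASTER_CONFIG is a constructed sample, the monitor user is hypothetical, and treating function patterns as whole-name regular expressions is an assumption.

```python
import re

# Constructed sample: what yaml.safe_load() would return for an external_auth
# block like the one above, plus a hypothetical narrowly scoped "monitor" user.
MASTER_CONFIG = {
    "external_auth": {
        "pam": {
            "test": [{"*": ["test.*", "cmd.*", "state.*"]}],
            "monitor": [{"web*": ["test.ping", "grains.items"]}],
        }
    }
}

# Functions that give the caller arbitrary command execution on a minion
# (a state run can carry cmd.run, so state.* is as powerful as cmd.*).
RISKY = ("cmd.run", "cmd.script", "state.apply", "state.sls", "state.single")


def pattern_allows(pattern, function):
    """Assumption: ACL function patterns are regexes that must match the whole name."""
    try:
        return re.fullmatch(pattern, function) is not None
    except re.error:
        return False


def audit_external_auth(config):
    """Return (backend, user, target, pattern, risky_functions) for every broad grant."""
    findings = []
    for backend, users in config.get("external_auth", {}).items():
        for user, rules in users.items():
            for rule in rules:
                # A bare string rule applies to every minion; a dict maps target -> patterns.
                grants = {"*": [rule]} if isinstance(rule, str) else rule
                for target, patterns in grants.items():
                    for pattern in patterns:
                        if not isinstance(pattern, str):
                            continue  # argument-restricted entries are out of scope here
                        hits = [f for f in RISKY if pattern_allows(pattern, f)]
                        if hits:
                            findings.append((backend, user, target, pattern, hits))
    return findings


if __name__ == "__main__":
    for backend, user, target, pattern, hits in audit_external_auth(MASTER_CONFIG):
        print(f"{backend}:{user} on {target!r}: {pattern!r} permits {', '.join(hits)}")
```

With the sample above, the test user is reported twice (cmd.* and state.* on '*') and the monitor user not at all.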