Pam krb5: Difference between revisions
Jump to navigation
Jump to search
Die Seite wurde neu angelegt: == Description == After we connected our Linux machine via Samba to our Windows ADS we now want ADS users to login to our Linux machine via single sign on using their A... |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Description == | == Description == | ||
After we connected our Linux machine via Samba to our Windows ADS we now want ADS users to | After we connected our Linux machine via Samba to our Windows ADS we now want ADS users to log in to our Linux machine via single sign on using their ADS accounts and passwords. For this we need the pam module pam_krb5. | ||
== Dependencies == | == Dependencies == | ||
| Line 6: | Line 6: | ||
== Packages == | == Packages == | ||
{{ | {{Code|emerge pam_krb5 -pv| | ||
<pre> | <pre> | ||
[ebuild N ] sys-auth/pam_krb5-3.10 USE="-doc" 153 kB | [ebuild N ] sys-auth/pam_krb5-3.10 USE="-doc" 153 kB | ||
| Line 13: | Line 13: | ||
== Installation == | == Installation == | ||
{{ | {{Root|emerge pam_krb5}} | ||
== Configuration == | == Configuration == | ||
{{ | {{File|/etc/pam.d/system-auth| | ||
<pre> | <pre> | ||
#%PAM-1.0 | #%PAM-1.0 | ||
| Line 38: | Line 38: | ||
</pre> | </pre> | ||
}} | }} | ||
== Add User Permissions == | |||
{{Root|usermod -a -G wheel,plugdev,audio,cdrom,video,lp,kvm,qemu <user>}} | |||
Latest revision as of 15:13, 27 July 2011
Description
After we connected our Linux machine via Samba to our Windows ADS we now want ADS users to log in to our Linux machine via single sign on using their ADS accounts and passwords. For this we need the pam module pam_krb5.
Dependencies
Samba - connected to ADS
Packages
| Code: emerge pam_krb5 -pv |
[ebuild N ] sys-auth/pam_krb5-3.10 USE="-doc" 153 kB |
Installation
# emerge pam_krb5
Configuration
File: /etc/pam.d/system-auth
#%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so try_first_pass likeauth nullok auth sufficient pam_krb5.so # allow users from windows active directory auth required pam_deny.so account required pam_unix.so account sufficient pam_krb5.so minimum_uid=1100 # allow users from windows active directory password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3 password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_krb5.so minimum_uid=1100 # allow users from windows active directory session optional pam_mkhomedir.so skel=/etc/skel umask=0022 silent # create new homedir for windows active directory users
Add User Permissions
# usermod -a -G wheel,plugdev,audio,cdrom,video,lp,kvm,qemu <user>