Home | 簡體中文 | 繁體中文 | 雜文 | 知乎專欄 | Github | OSChina 博客 | 雲社區 | 雲棲社區 | Facebook | Linkedin | 視頻教程 | 打賞(Donations) | About
知乎專欄多維度架構 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者”

第 140 章 Authentication

目錄

140.1. /etc/login.defs
140.2. PAM 插件認證
140.2.1. pam_tally2.so
140.2.2. pam_listfile.so
140.2.3. pam_access.so
140.2.4. pam_wheel.so
140.3. Network Authentication
140.3.1. Network Information Service (NIS)
140.3.1.1. 安裝NIS伺服器
140.3.1.2. Slave NIS Server
140.3.1.3. 客戶機軟件安裝
140.3.1.4. Authentication Configuration
140.3.1.5. application example
140.3.1.6. Mount /home volume from NFS
140.3.2. OpenLDAP
140.3.2.1. Server
140.3.2.2. Client
140.3.2.3. User and Group Management
140.3.3. Kerberos
140.3.3.1. Kerberos 安裝
140.3.3.1.1. CentOS 安裝
140.3.3.1.2. Install by apt-get
140.3.3.2. Kerberos Server
140.3.3.3. Kerberos Client
140.3.3.4. Kerberos Management
140.3.3.4.1. ktutil - Kerberos keytab file maintenance utility
140.3.3.4.2. klist - list cached Kerberos tickets
140.3.3.5. OpenSSH Authentications
140.3.3.5.1. Configuring the Application server system
140.3.3.5.2. Configuring the Application client system
140.3.4. FreeRADIUS (Remote Authentication Dial In User Service)
140.3.4.1. 安裝 FreeRADIUS
140.3.4.1.1. Ubuntu
140.3.4.1.2. 安裝 radiusd
140.3.4.2. ldap
140.3.4.3. mysql
140.3.4.4. WAP2 Enterprise
140.3.5. SASL (Simple Authentication and Security Layer)
140.3.6. GSSAPI (Generic Security Services Application Program Interface)

140.1. /etc/login.defs

登陸參數設定配置檔案

# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR	Maildir
MAIL_DIR	/var/spool/mail
#MAIL_FILE	.mail

# Password aging controls:
#
#	PASS_MAX_DAYS	Maximum number of days a password may be used.
#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
#	PASS_MIN_LEN	Minimum acceptable password length.
#	PASS_WARN_AGE	Number of days warning given before a password expires.
#
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN			  500
UID_MAX			60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN			  500
GID_MAX			60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD	/usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME	yes

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512