Config files on CentOS


This information is deprecated. It should be considered end of life and should not be used in any production setting.

/etc/krb5.conf

# Kerberos client settings for the SWEETNAM.EU realm.
# Comments are kept on their own lines, starting in column 0.

# Separate log files for the Kerberos libraries, the KDC and kadmind.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SWEETNAM.EU
# NOTE(review): both DNS lookups are enabled although [realms] and
# [domain_realm] below already give a static KDC and host-to-realm mapping.
# DNS answers are not authenticated, so realm discovery through DNS extends
# trust to the resolver path; consider dns_lookup_realm = false when the
# static mapping covers every host - confirm against the deployment.
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
# The KDC and the admin server are both pinned to one IP address.
# NOTE(review): the two kdc lines name the same host (the first only adds an
# explicit port); the second looks redundant - confirm before removing.
SWEETNAM.EU = {
    kdc = 172.20.1.1:88
    admin_server = 172.20.1.1:749
    default_domain = sweetnam.eu
    kdc = 172.20.1.1
}

# Maps the DNS domain, with and without the leading dot, to the realm.
[domain_realm]
.sweetnam.eu = SWEETNAM.EU
sweetnam.eu = SWEETNAM.EU

# Path to kdc.conf; presumably only read on a host that runs a KDC - confirm.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
# Defaults for the "pam" application entry (pam_krb5 is referenced from
# /etc/pam.d/system-auth on this page).
# The two lifetimes are presumably seconds (36000 = 10 hours) - confirm units.
# NOTE(review): forwardable = true lets tickets obtained at login be forwarded
# to other hosts; set it to false unless ticket forwarding is required.
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}

/etc/samba/smb.conf

# Samba/winbind settings for a member of the SWEETNAM.EU realm (security = ads).
# Keys are grouped by purpose.
[global]
# Host identity and domain membership.
    workgroup = SWEETNAM
    realm = SWEETNAM.EU
    netbios name = CENTOS
    security = ads
    password server = 172.20.1.1
    client use spnego = yes
    domain master = no

# winbind naming and lookup behaviour.
# With "use default domain = yes" domain users are referred to without a
# domain prefix, so a domain account can share a name with a local account;
# the lookup order in /etc/nsswitch.conf decides which one wins.
# NOTE(review): "trusted domains only = yes" presumably expects accounts of
# the host's own domain to exist as local UNIX accounts instead of being
# mapped from the idmap ranges below - confirm this is intended.
    winbind separator = +
    winbind use default domain = yes
    winbind trusted domains only = yes
    winbind enum users = no
    winbind enum groups = no

# UID/GID ranges winbind may hand out to domain users and groups.
# NOTE(review): both ranges start at 500; if local accounts on this host are
# also numbered from 500, a mapped domain ID could coincide with a local one
# and inherit its file permissions - confirm the ranges do not overlap.
    idmap uid = 500-10000000
    idmap gid = 500-10000000

# Home directory pattern and login shell given to every winbind account.
# NOTE(review): /bin/bash grants an interactive shell to any domain user who
# can authenticate; restrict who may log in elsewhere if that is too broad.
    template homedir = /home/%D/%U
    template shell = /bin/bash

/etc/nsswitch.conf

# Name-service lookup order; the sources on each line are tried left to right.

# Account databases: local sources come before winbind, so a local account
# name takes precedence over a domain account with the same name.
# NOTE(review): "compat" already reads the local files, so the trailing
# "files" looks redundant - confirm before changing.
# NOTE(review): confirm that the winbind NSS module serves the shadow
# database on this platform; if it does not, that entry has no effect.
passwd:     compat winbind files
shadow:     compat winbind files
group:      compat winbind files

# Host names: local hosts file first, then DNS.
hosts:      files dns

# [NOTFOUND=return] stops the lookup when nisplus reports "not found",
# so "files" is only consulted if nisplus is unavailable.
bootparams: nisplus [NOTFOUND=return] files

# NOTE(review): winbind is also listed for protocols and services; confirm
# the module provides these databases, otherwise only "files" is effective.
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind

netgroup:   files winbind

# NOTE(review): the nisplus entries below look like distribution defaults;
# confirm whether NIS+ is actually in use on this host.
publickey:  nisplus

automount:  files winbind
aliases:    files nisplus

/etc/pam.d/system-auth

# PAM stack for /etc/pam.d/system-auth. Module order and control flags decide
# the result, so these lines must not be reordered.

# --- auth: verify the user's identity ---
# pam_env sets environment variables. Local accounts (pam_unix) are tried
# first, then Kerberos, SMB and winbind, each reusing the password already
# entered (use_first_pass). The first "sufficient" module that succeeds ends
# the stack; if none does, pam_deny rejects the attempt.
# NOTE(review): nullok on pam_unix lets a local account with an empty password
# field authenticate; drop it unless empty passwords are intended.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

# --- account: is the authenticated account allowed to log in ---
# pam_unix is the only "required" check; accounts with uid below 100 are
# accepted by pam_succeed_if without consulting the network modules.
# NOTE(review): pam_krb5 and pam_winbind are "sufficient" and the stack ends
# in pam_permit, so a denial from either of them is not enforced here.
# Confirm that disabled or expired domain accounts are blocked elsewhere.
account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib/security/$ISA/pam_krb5.so
account     sufficient    /lib/security/$ISA/pam_winbind.so
account     required      /lib/security/$ISA/pam_permit.so

# --- password: changing a password ---
# pam_cracklib checks the new password first (retry=3); the modules after it
# reuse the password it accepted (use_authtok). pam_deny rejects the change
# if no module succeeds.
# NOTE(review): "md5" selects MD5-based hashes for local passwords, which is
# weak by current standards; use a stronger scheme where this platform's
# pam_unix supports one. nullok also applies to empty existing passwords.
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

# --- session: set up and tear down the login session ---
# pam_limits and pam_unix are required; pam_krb5 is optional, so a failure
# there does not block the session.
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so