'''Please go [[Using Active Directory for CentOS |to this document]] for a working config.'''

Latest revision as of 11:45, 27 February 2017

This information is deprecated. It should be considered end of life and should not be used in any production setting.


# krb5.conf log destinations. The section header is not present on this page;
# these keys presumably sat under [logging] -- confirm against the original file.
# Each entry sends one class of Kerberos messages to a local file:
# library messages (default), KDC messages (kdc), kadmind messages (admin_server).
# NOTE(review): these logs may contain principal names and client addresses;
# keep the files root-owned and not world-readable.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# Library defaults (header missing on this page; presumably [libdefaults]).
# default_realm is the realm assumed when a principal is given without one.
default_realm = SWEETNAM.EU
# With both lookups enabled, the host-to-realm mapping and the KDC addresses are
# taken from DNS instead of being pinned in this file, so ticket requests go to
# whatever hosts DNS returns.
# NOTE(review): when DNS is trusted for discovery, have the login module verify
# the obtained TGT against a host keytab so that a spoofed KDC answer cannot
# authenticate a user.
dns_lookup_realm = true
dns_lookup_kdc = true

  # Body of a realm definition (presumably [realms] with a SWEETNAM.EU = { ... }
  # wrapper; the header and braces are not present on this page -- confirm).
  # The kdc and admin_server values are blank as shown here (possibly stripped or
  # redacted), so this fragment names no server and cannot be used as-is.
  kdc =
  admin_server =
  # default_domain is the DNS domain associated with the realm.
  default_domain = sweetnam.eu
  kdc =

 # Host-to-realm mapping (presumably [domain_realm]; header missing on this page).
 # The leading-dot entry covers hosts inside the sweetnam.eu DNS domain; the
 # entry without the dot covers a host named exactly sweetnam.eu.
 .sweetnam.eu = SWEETNAM.EU
 sweetnam.eu = SWEETNAM.EU 

 # Pointer to a KDC configuration file (presumably under a [kdc] header -- confirm).
 # NOTE(review): this only matters on a machine that runs a KDC itself; a host
 # that is merely a client of an Active Directory domain would not need it.
 profile = /var/kerberos/krb5kdc/kdc.conf 

 # Settings read by the pam_krb5 module (presumably under [appdefaults]; the
 # header and the closing "}" of this block are not present on this page).
 # NOTE(review): no "validate" setting appears in the lines shown. Without TGT
 # validation against a host keytab, the module accepts a ticket without proving
 # it came from the real KDC -- confirm the default of the installed pam_krb5.
 pam = {
   debug = false
   # Requested ticket lifetime and renewable lifetime. Read as seconds these are
   # 10 hours each; with both equal, renewal cannot extend a ticket past its
   # original expiry -- TODO confirm the unit for the pam_krb5 version in use.
   ticket_lifetime = 36000
   renew_lifetime = 36000
   # Forwardable tickets can be passed on to other hosts the user logs in to;
   # any host that receives one can act as the user until the ticket expires.
   forwardable = true
   # No conversion of credentials to Kerberos 4.
   krb4_convert = false


        # smb.conf settings for an Active Directory member host using winbind.
        # The section header is not present on this page; presumably [global] -- confirm.
        # NOTE(review): "idmap uid" / "idmap gid" are parameter names from old Samba
        # releases; check the smb.conf man page of the installed version before reuse.
        # NOTE(review): the mapped ID ranges start at 500. On systems that also hand
        # out local accounts from 500, a domain user can end up with a UID/GID that
        # a local account already holds -- keep the two ranges disjoint.
        idmap gid = 500-10000000
       client use spnego = yes
       domain master = no
       # NOTE(review): changes how users of the host's own domain are mapped to
       # UNIX accounts; verify the meaning for the installed Samba version.
       winbind trusted domains only = yes
        # Domain users are presented without the domain prefix, so a domain account
        # can carry the same name as a local account.
        winbind use default domain = yes
       realm = SWEETNAM.EU
       # Every domain user gets an interactive shell. Nothing in this fragment limits
       # which domain accounts may log in; restrict that in PAM (for example with
       # pam_winbind's require_membership_of option or pam_access).
       template shell = /bin/bash
       netbios name = CENTOS
       # Value is blank on this page (possibly stripped or redacted).
       password server =
       # Enumeration off: listing all users/groups will not return domain entries,
       # while lookups of a specific name still work.
       winbind enum users = no
       idmap uid = 500-10000000
       # Home directory pattern: %D is the domain, %U the user name.
       template homedir = /home/%D/%U
       workgroup = SWEETNAM
       winbind enum groups = no
       # Host is a domain member that authenticates against Active Directory.
       security = ads
       # Character placed between domain and user name in qualified names.
       winbind separator = +


# nsswitch.conf: lookup order per database; sources are tried left to right.
# Accounts and groups: local compat entries first, then winbind (domain), then files.
# Because the local source answers first, a local account shadows a domain
# account of the same name.
passwd:     compat winbind files
shadow:     compat winbind files
group:      compat winbind files

hosts:      files dns

# [NOTFOUND=return] stops the lookup when nisplus answers "not found", so files
# is only consulted when nisplus cannot be reached.
# NOTE(review): nisplus (NIS+) is a legacy source; if no NIS+ service is
# deployed, the nisplus entries in this file do nothing useful.
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
# NOTE(review): winbind is listed for protocols, services, netgroup and automount
# below; confirm that winbind actually serves these databases before keeping it.
protocols:  files winbind
rpc:        files
services:   files winbind

netgroup:   files winbind

publickey:  nisplus

automount:  files winbind
aliases:    files nisplus


# PAM auth stack. Modules run top to bottom; a success from a "sufficient"
# module ends the stack, and pam_deny rejects whatever reaches the end.
# The absolute /lib/security/$ISA/ module paths are an old layout; current PAM
# configurations normally name the module only -- confirm for the target release.
auth        required      /lib/security/$ISA/pam_env.so
# Local accounts are tried first. nullok lets an account whose password field
# is empty authenticate; drop it unless that is intended.
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
# The next three modules reuse the password already entered (use_first_pass)
# and try it against Kerberos, an SMB server and winbind in turn.
# NOTE(review): one mistyped password may therefore be counted more than once
# against the domain's account-lockout threshold.
# NOTE(review): pam_smb_auth is a legacy module; confirm it is still needed
# alongside pam_krb5 and pam_winbind.
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

# PAM account stack: decides whether an authenticated user may use the account.
# broken_shadow tells pam_unix to ignore errors reading shadow information,
# which accounts that have no local shadow entry would otherwise trigger.
account     required      /lib/security/$ISA/pam_unix.so broken_shadow
# Accounts with a UID below 100 are accepted here without consulting the
# network modules.
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib/security/$ISA/pam_krb5.so
account     sufficient    /lib/security/$ISA/pam_winbind.so
# pam_permit accepts anything that reaches the end of the stack.
# NOTE(review): nothing in these lines restricts access by group, so any domain
# account that authenticates is admitted; add a membership check if only some
# users should log in.
account     required      /lib/security/$ISA/pam_permit.so

# PAM password stack: used when a user changes a password.
# pam_cracklib checks the new password's strength and allows three attempts.
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
# Local passwords are stored as MD5-crypt hashes (md5), which is weak by
# current standards; pam_unix also supports sha512 -- confirm for the release.
# nullok permits changing a password from an empty one.
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
# use_authtok makes these modules take the new password accepted above rather
# than prompting again.
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

# PAM session stack: runs when a session opens and closes.
# pam_limits applies resource limits; pam_krb5 is optional, so a failure there
# does not block the login.
# NOTE(review): no home-directory creation module (e.g. pam_mkhomedir) appears
# in the lines shown, so a domain user's first login may land without a home
# directory -- confirm against the full file.
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so