More Active Directory and Linux


/etc/krb5.conf

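# /etc/krb5.conf -- Kerberos 5 library / client configuration.
# Comment lines start with # in column 0; keys are indented under their
# [section] header and nested { } blocks hold per-realm or per-application
# settings. Trailing whitespace from the original listing has been dropped.

[logging]
# Log destinations for libkrb5, the KDC and kadmind. On a client host that
# runs no KDC only the first line is ever used.
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Ticket lifetime requested by clients. A bare number is seconds
# (24000 s = 6 h 40 min); the KDC may shorten it to its own maximum.
 ticket_lifetime = 24000
# Realm names are case-sensitive; for an Active Directory domain this is
# the DNS domain name in upper case.
 default_realm = EXAMPLE.COM
# Both DNS discovery mechanisms are off: realm mapping and KDC addresses
# come only from this file, never from DNS TXT/SRV answers that something
# on the network path could spoof. The price is that the [realms] KDC
# list below must be kept current by hand.
 dns_lookup_realm = false
 dns_lookup_kdc = false
# The original listing pinned single DES (56-bit key) for both ticket
# types. Single DES is cryptographically broken, is disabled by default on
# Windows Server 2008 R2 and later, and was removed from MIT Kerberos 1.18.
# With these two lines absent the library negotiates its built-in default
# enctypes (AES) with the KDC. They are kept here commented out only to
# record what the original configuration contained.
# default_tkt_enctypes = des-cbc-md5 des-cbc-crc
# default_tgs_enctypes = des-cbc-md5 des-cbc-crc

[realms]
 EXAMPLE.COM = {
# Repeating "kdc" lists several KDCs (domain controllers); they are tried
# in order. 88 is the standard Kerberos port.
  kdc = kdc1.example.com:88
  kdc = kdc2.example.com:88
# kadmin (port 749) is an MIT Kerberos service; Active Directory does not
# run kadmind, so this entry only matters if kdc1 is an MIT KDC.
  admin_server = kdc1.example.com:749
# Password changes go to port 464 with the RFC 3244 set/change-password
# protocol, which is what Active Directory's kpasswd service speaks.
  kpasswd_server = kdc1.example.com:464
  kpasswd_protocol = SET_CHANGE
# DNS domain appended to unqualified host names when building service
# principals for this realm.
  default_domain = example.com
 }

[domain_realm]
# Host name -> realm mapping. The leading-dot entry covers every host under
# example.com; the bare entry covers the name example.com itself.
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
# Read only by an MIT KDC running on this host; harmless on a pure client.
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
# Per-application settings; the block name must match what the application
# looks up. pam_krb5 reads the "pam" block.
 pam = {
  debug = false
# Ticket lifetime and renewable lifetime requested by pam_krb5 at login,
# in seconds (36000 s = 10 h). NOTE(review): this is expected to take
# precedence over [libdefaults] ticket_lifetime for PAM logins -- confirm
# against the installed pam_krb5's documentation.
  ticket_lifetime = 36000
  renew_lifetime = 36000
# A forwardable TGT can be handed to a remote host (for example ssh
# credential delegation), which then holds the user's credentials. Set to
# false if delegation is not needed on this host.
  forwardable = true
# Do not convert the v5 TGT into a Kerberos 4 ticket after login.
  krb4_convert = false
 }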

/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# system-auth: shared PAM stack for Kerberos (Active Directory) users with
# a local /etc/shadow fallback. $ISA is expanded by authconfig to the
# multilib subdirectory of /lib/security.
#
# auth: pam_env sets environment variables first. pam_krb5 is
# "sufficient", so a correct Kerberos password ends the stack here with
# success. If it fails, pam_unix reuses the same password
# (use_first_pass) against /etc/shadow. "nullok" lets a local account with
# an empty password field log in without any password -- remove it unless
# such accounts are intended. pam_deny closes the stack so that no
# module returning "ignore" is counted as success.
auth   required    /lib/security/$ISA/pam_env.so
auth   sufficient  /lib/security/$ISA/pam_krb5.so
auth   sufficient  /lib/security/$ISA/pam_unix.so use_first_pass likeauth nullok
auth   required    /lib/security/$ISA/pam_deny.so 

# account: only the local pam_unix check (shadow expiry etc.) runs. There
# is no pam_krb5 account line, so Kerberos-side account state is not
# consulted by this stack -- NOTE(review): verify this is intended for
# domain users, who have no /etc/shadow entry.
account   required    /lib/security/$ISA/pam_unix.so  

# password: pam_cracklib checks new-password strength (3 attempts,
# "type=" leaves the prompt wording at its default); pam_unix then stores
# the hash in /etc/shadow as MD5 ("md5" is weak by current standards --
# newer pam_unix accepts "sha512"). "nullok" here allows an empty password
# to be set. No pam_krb5 line, so this stack does not forward a Kerberos
# user's password change to the KDC.
password  required    /lib/security/$ISA/pam_cracklib.so retry=3 type=
password  sufficient  /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password  required    /lib/security/$ISA/pam_deny.so

# session: resource limits, the standard unix session, then pam_krb5 as
# "optional" so a session without a Kerberos ticket is not refused.
session   required    /lib/security/$ISA/pam_limits.so
session   required    /lib/security/$ISA/pam_unix.so
session   optional    /lib/security/$ISA/pam_krb5.so

/etc/nsswitch.conf

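#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#   nisplus or nis+       Use NIS+ (NIS version 3)
#   nis or yp             Use NIS (NIS version 2), also called YP
#   dns                   Use DNS (Domain Name Service)
#   files                 Use the local files
#   db                    Use the local database (.db) files
#   compat                Use NIS on compat mode
#   hesiod                Use Hesiod for user lookups
#   [NOTFOUND=return]     Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

# User and group identity (uid, gid, home, shell) comes from local files
# first, then from LDAP for domain users. The LDAP client settings
# (server, bind identity, TLS) live in the nss_ldap configuration, which
# is not part of this listing: without TLS, whatever uid/gid/home/shell an
# attacker on the path injects decides what a domain login becomes, so
# confirm that file enforces TLS. "[TRYAGAIN=continue]" spells out glibc's
# default action for a temporarily unavailable LDAP server.
passwd:     files ldap [TRYAGAIN=continue]
# Password hashes are never read from LDAP; domain users authenticate
# through pam_krb5, so only local accounts have shadow data.
shadow:     files
group:      files ldap [TRYAGAIN=continue]

hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

# NOTE(review): the remaining nisplus references (bootparams, publickey,
# aliases) look like the distribution template defaults; on a host with no
# NIS+ configured they only add a failed lookup before "files", and
# "publickey: nisplus" has no fallback at all -- confirm whether NIS+ is
# actually in use here.
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus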