cn:ccr:aai:howto:login-linux
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| cn:ccr:aai:howto:login-linux [2016/10/18 09:26] – dmaselli@infn.it | cn:ccr:aai:howto:login-linux [2016/10/18 09:27] (current) – dmaselli@infn.it | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Login Linux via INFN-AAI ====== | ||
| + | |||
| + | https:// | ||
| + | |||
| + | yum install nss-pam-ldapd pam_ldap pam_krb5 | ||
| + | |||
| + | ---- | ||
| + | |||
| + | authconfig-tui | ||
| + | |||
| + | ┌────────────────┤ Authentication Configuration ├─────────────────┐ | ||
| + | │ │ | ||
| + | │ User Information | ||
| + | │ [*] Cache Information | ||
| + | │ [*] Use LDAP [*] Use Shadow Passwords | ||
| + | │ [ ] Use NIS [ ] Use LDAP Authentication | ||
| + | │ [ ] Use IPAv2 [*] Use Kerberos | ||
| + | │ [ ] Use Winbind | ||
| + | │ [ ] Use Winbind Authentication | ||
| + | │ [*] Local authorization is sufficient | ||
| + | │ │ | ||
| + | │ ┌────────┐ | ||
| + | │ │ Cancel │ │ Next │ │ | ||
| + | │ └────────┘ | ||
| + | │ │ | ||
| + | │ │ | ||
| + | └─────────────────────────────────────────────────────────────────┘ | ||
| + | |||
| + | |||
| + | ┌─────────────────┤ LDAP Settings ├─────────────────┐ | ||
| + | │ │ | ||
| + | │ [*] Use TLS │ | ||
| + | │ Server: ldap:// | ||
| + | │ Base DN: dc=lnf, | ||
| + | │ │ | ||
| + | │ | ||
| + | │ │ Back │ │ Next │ │ | ||
| + | │ | ||
| + | │ │ | ||
| + | │ │ | ||
| + | └───────────────────────────────────────────────────┘ | ||
| + | |||
| + | |||
| + | ┌─────────────────┤ Kerberos Settings ├──────────────────┐ | ||
| + | │ │ | ||
| + | │ Realm: LNF.INFN.IT_____________________________ │ | ||
| + | │ KDC: ________________________________________ │ | ||
| + | │ Admin Server: ________________________________________ │ | ||
| + | │ [*] Use DNS to resolve hosts to realms | ||
| + | │ [*] Use DNS to locate KDCs for realms | ||
| + | │ │ | ||
| + | │ ┌──────┐ | ||
| + | │ │ Back │ │ Ok │ │ | ||
| + | │ └──────┘ | ||
| + | │ │ | ||
| + | │ │ | ||
| + | └────────────────────────────────────────────────────────┘ | ||
| + | |||
| + | |||
| + | ┌────────────────┤ Warning ├─────────────────┐ | ||
| + | │ │ | ||
| + | │ To connect to a LDAP server with TLS │ | ||
| + | │ protocol enabled you need a CA certificate │ | ||
| + | │ which signed your server' | ||
| + | │ Copy the certificate in the PEM format to │ | ||
| + | │ the '/ | ||
| + | │ Then press OK. │ | ||
| + | │ │ | ||
| + | │ ┌────┐ | ||
| + | │ │ Ok │ │ | ||
| + | │ └────┘ | ||
| + | │ │ | ||
| + | │ │ | ||
| + | └────────────────────────────────────────────┘ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | curl http:// | ||
| + | |||
| + | ---- | ||
| + | |||
| + | **vi / | ||
| + | |||
| + | # The distinguished name to bind to the server with. | ||
| + | # Optional: default is to bind anonymously. | ||
| + | binddn cn=daemon, | ||
| + | |||
| + | # The credentials to bind with. | ||
| + | # Optional: default is no credentials. | ||
| + | # Note that if you set a bindpw you should check the permissions of this file. | ||
| + | bindpw secret | ||
| + | |||
| + | |||
| + | |||
cn/ccr/aai/howto/login-linux.txt · Last modified: 2016/10/18 09:27 by dmaselli@infn.it