cn:ccr:aai:howto:login-linux
Differences
This shows you the differences between two versions of the page.
cn:ccr:aai:howto:login-linux [2016/10/18 09:26] – dmaselli@infn.it | cn:ccr:aai:howto:login-linux [2016/10/18 09:27] (current) – dmaselli@infn.it | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Login Linux via INFN-AAI ====== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | yum install nss-pam-ldapd pam_ldap pam_krb5 | ||
+ | |||
+ | ---- | ||
+ | |||
+ | authconfig-tui | ||
+ | |||
+ | ┌────────────────┤ Authentication Configuration ├─────────────────┐ | ||
+ | │ │ | ||
+ | │ User Information | ||
+ | │ [*] Cache Information | ||
+ | │ [*] Use LDAP [*] Use Shadow Passwords | ||
+ | │ [ ] Use NIS [ ] Use LDAP Authentication | ||
+ | │ [ ] Use IPAv2 [*] Use Kerberos | ||
+ | │ [ ] Use Winbind | ||
+ | │ [ ] Use Winbind Authentication | ||
+ | │ [*] Local authorization is sufficient | ||
+ | │ │ | ||
+ | │ ┌────────┐ | ||
+ | │ │ Cancel │ │ Next │ │ | ||
+ | │ └────────┘ | ||
+ | │ │ | ||
+ | │ │ | ||
+ | └─────────────────────────────────────────────────────────────────┘ | ||
+ | |||
+ | |||
+ | ┌─────────────────┤ LDAP Settings ├─────────────────┐ | ||
+ | │ │ | ||
+ | │ [*] Use TLS │ | ||
+ | │ Server: ldap:// | ||
+ | │ Base DN: dc=lnf, | ||
+ | │ │ | ||
+ | │ | ||
+ | │ │ Back │ │ Next │ │ | ||
+ | │ | ||
+ | │ │ | ||
+ | │ │ | ||
+ | └───────────────────────────────────────────────────┘ | ||
+ | |||
+ | |||
+ | ┌─────────────────┤ Kerberos Settings ├──────────────────┐ | ||
+ | │ │ | ||
+ | │ Realm: LNF.INFN.IT_____________________________ │ | ||
+ | │ KDC: ________________________________________ │ | ||
+ | │ Admin Server: ________________________________________ │ | ||
+ | │ [*] Use DNS to resolve hosts to realms | ||
+ | │ [*] Use DNS to locate KDCs for realms | ||
+ | │ │ | ||
+ | │ ┌──────┐ | ||
+ | │ │ Back │ │ Ok │ │ | ||
+ | │ └──────┘ | ||
+ | │ │ | ||
+ | │ │ | ||
+ | └────────────────────────────────────────────────────────┘ | ||
+ | |||
+ | |||
+ | ┌────────────────┤ Warning ├─────────────────┐ | ||
+ | │ │ | ||
+ | │ To connect to a LDAP server with TLS │ | ||
+ | │ protocol enabled you need a CA certificate │ | ||
+ | │ which signed your server' | ||
+ | │ Copy the certificate in the PEM format to │ | ||
+ | │ the '/ | ||
+ | │ Then press OK. │ | ||
+ | │ │ | ||
+ | │ ┌────┐ | ||
+ | │ │ Ok │ │ | ||
+ | │ └────┘ | ||
+ | │ │ | ||
+ | │ │ | ||
+ | └────────────────────────────────────────────┘ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | curl http:// | ||
+ | |||
+ | ---- | ||
+ | |||
+ | **vi / | ||
+ | |||
+ | # The distinguished name to bind to the server with. | ||
+ | # Optional: default is to bind anonymously. | ||
+ | binddn cn=daemon, | ||
+ | |||
+ | # The credentials to bind with. | ||
+ | # Optional: default is no credentials. | ||
+ | # Note that if you set a bindpw you should check the permissions of this file. | ||
+ | bindpw secret | ||
+ | |||
+ | |||
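Review bot: The "curl http://" step that follows the TLS warning dialog uses plain HTTP. If it is the download of the CA certificate that the warning says must be copied in PEM format, the trust anchor for the LDAP TLS connection is fetched over an unauthenticated channel; the howto should fetch it over https or publish a fingerprint to compare before the certificate is installed. In the final block, "bindpw secret" puts the bind credentials into the edited file, and the quoted comment says to check that file's permissions, but no step in the page does so; add an explicit step that makes the file readable by root only, and say that "secret" is a placeholder for the real bind password.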
+ | |||
cn/ccr/aai/howto/login-linux.txt · Last modified: 2016/10/18 09:27 by dmaselli@infn.it