Login Linux via INFN-AAI
# Install the client packages this how-to relies on: nss-pam-ldapd (its
# /etc/nslcd.conf is edited in a later step), pam_ldap and pam_krb5.
yum install nss-pam-ldapd pam_ldap pam_krb5
# Start the interactive text-mode authentication setup. The screens that follow
# show the selections: LDAP is enabled for user information only ("Use LDAP
# Authentication" stays unchecked) and Kerberos is enabled for authentication.
authconfig-tui
┌────────────────┤ Authentication Configuration ├─────────────────┐
│                                                                 │
│  User Information         Authentication                        │
│  [*] Cache Information    [ ] Use MD5 Passwords                 │
│  [*] Use LDAP             [*] Use Shadow Passwords              │
│  [ ] Use NIS              [ ] Use LDAP Authentication           │
│  [ ] Use IPAv2            [*] Use Kerberos                      │
│  [ ] Use Winbind          [ ] Use Fingerprint reader            │
│                           [ ] Use Winbind Authentication        │
│                           [*] Local authorization is sufficient │
│                                                                 │
│            ┌────────┐                      ┌──────┐             │
│            │ Cancel │                      │ Next │             │
│            └────────┘                      └──────┘             │
│                                                                 │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────┤ LDAP Settings ├─────────────────┐
│                                                   │
│          [*] Use TLS                              │
│  Server: ldap://ds1.infn.it/_____________________ │
│ Base DN: dc=lnf,dc=infn,dc=it____________________ │
│                                                   │
│          ┌──────┐               ┌──────┐          │
│          │ Back │               │ Next │          │
│          └──────┘               └──────┘          │
│                                                   │
│                                                   │
└───────────────────────────────────────────────────┘
┌─────────────────┤ Kerberos Settings ├──────────────────┐
│                                                        │
│        Realm: LNF.INFN.IT_____________________________ │
│          KDC: ________________________________________ │
│ Admin Server: ________________________________________ │
│               [*] Use DNS to resolve hosts to realms   │
│               [*] Use DNS to locate KDCs for realms    │
│                                                        │
│            ┌──────┐                ┌────┐              │
│            │ Back │                │ Ok │              │
│            └──────┘                └────┘              │
│                                                        │
│                                                        │
└────────────────────────────────────────────────────────┘
┌────────────────┤ Warning ├─────────────────┐
│                                            │
│ To connect to a LDAP server with TLS       │
│ protocol enabled you need a CA certificate │
│ which signed your server's certificate.    │
│ Copy the certificate in the PEM format to  │
│ the '/etc/openldap/cacerts' directory.     │
│ Then press OK.                             │
│                                            │
│                   ┌────┐                   │
│                   │ Ok │                   │
│                   └────┘                   │
│                                            │
│                                            │
└────────────────────────────────────────────┘
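# Install the CA certificates that the LDAP client will trust for TLS.
#
# The archive is served over plain HTTP, so nothing on the wire authenticates
# its contents, and every certificate unpacked into /etc/openldap/cacerts/
# becomes a trust anchor for the directory connection. Instead of piping the
# download straight into tar, save it to a temporary file, check it against a
# digest obtained from the INFN-AAI administrators over a trusted channel, and
# unpack it only if the digest matches.
expected_sha256='REPLACE_WITH_SHA256_OBTAINED_OUT_OF_BAND' # placeholder, not a real digest
cacerts_tgz=$(mktemp) &&
  curl --fail --silent --show-error -o "$cacerts_tgz" http://www.lnf.infn.it/~dmaselli/cacerts.tgz &&
  printf '%s  %s\n' "$expected_sha256" "$cacerts_tgz" | sha256sum -c - &&
  tar -C /etc/openldap/cacerts/ --no-same-owner -xzvf "$cacerts_tgz"
# --no-same-owner: files are created as the extracting user (root) rather than
# with whatever owner is recorded inside the archive.
rm -f -- "$cacerts_tgz"

# Edit the nslcd configuration to set the bind DN and bind password
# (binddn / bindpw, shown below).
vi /etc/nslcd.conf
# bindpw is stored in clear text, so keep the file readable by root only.
chmod 600 /etc/nslcd.conf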
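# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# NOTE: SEDE appears to be a placeholder for your site's dc component (the
# Base DN used above is dc=lnf,dc=infn,dc=it); confirm the bind DN with your
# directory administrator.
binddn cn=daemon,dc=SEDE,dc=infn,dc=it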
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
# (The password is stored here in clear text, so the file should be readable
# by root only.)
bindpw secret