PAM
MySQL
- pam = autorizace
- nss = prirazeni parametru (homedir, expire, uid, apod.)
# Install the two MySQL back ends this page configures: libpam-mysql (the pam_mysql.so
# module used in the /etc/pam.d lines) and libnss-mysql (the "mysql" source for nsswitch.conf).
apt-get install libpam-mysql libnss-mysql
SQL
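-- Schema and MySQL accounts backing libnss-mysql (account lookups) and pam_mysql
-- (password checks). Run it inside the database the NSS/PAM configuration points at
-- (the PAM lines on this page use db=nss).
--
-- Rows in these tables become system accounts on every host that lists "mysql" in
-- nsswitch.conf, so write access to them is equivalent to account administration on
-- those hosts (a row with uid 0 is a root-equivalent login). Grant write access accordingly.

-- Group definitions (the /etc/group equivalent).
-- `groups` is back-quoted because GROUPS is a reserved word from MySQL 8.0 on;
-- the quoting is harmless on older servers.
DROP TABLE IF EXISTS `groups`;
CREATE TABLE `groups` (
    group_id       INT(11)     NOT NULL AUTO_INCREMENT PRIMARY KEY,
    group_name     VARCHAR(30) DEFAULT '' NOT NULL,
    status         CHAR(1)     DEFAULT 'A',
    group_password VARCHAR(64) DEFAULT 'x' NOT NULL,
    gid            INT(11)     NOT NULL
);

-- Seed group; the explicit column list keeps the statement valid if columns are added or reordered.
INSERT INTO `groups` (group_id, group_name, status, group_password, gid)
VALUES (1, 'users', 'A', 'x', 100);

-- Accounts (the /etc/passwd and /etc/shadow equivalent in one table).
DROP TABLE IF EXISTS user;
CREATE TABLE user (
    user_id    INT(11)     NOT NULL AUTO_INCREMENT PRIMARY KEY,
    user_name  VARCHAR(50) DEFAULT '' NOT NULL,
    realname   VARCHAR(32) DEFAULT '' NOT NULL,
    shell      VARCHAR(20) DEFAULT '/bin/sh' NOT NULL,
    -- 40 characters holds a hex MD5 (32) or SHA-1 (40) digest, but not the longer
    -- salted crypt(3) formats; widen the column before moving to a stronger scheme.
    password   VARCHAR(40) DEFAULT '' NOT NULL,
    status     CHAR(1)     DEFAULT 'N' NOT NULL,
    uid        INT(11)     NOT NULL,
    gid        INT(11)     DEFAULT '65534' NOT NULL,
    -- NOTE(review): '/bin/sh' as the homedir default looks copied from the shell
    -- column; kept as published on the page - confirm what is intended.
    homedir    VARCHAR(32) DEFAULT '/bin/sh' NOT NULL,
    -- Password-aging fields (shadow semantics).
    lastchange VARCHAR(50) NOT NULL DEFAULT '',
    min        INT(11)     NOT NULL DEFAULT '0',
    max        INT(11)     NOT NULL DEFAULT '0',
    warn       INT(11)     NOT NULL DEFAULT '7',
    inact      INT(11)     NOT NULL DEFAULT '-1',
    expire     INT(11)     NOT NULL DEFAULT '-1'
);

-- Supplementary group membership. The composite primary key rejects duplicate
-- (user, group) rows.
DROP TABLE IF EXISTS user_group;
CREATE TABLE user_group (
    user_id  INT(11) DEFAULT '0' NOT NULL,
    group_id INT(11) DEFAULT '0' NOT NULL,
    PRIMARY KEY (user_id, group_id)
);

-- Account "nss": read-only, and deliberately without access to user.password or
-- the aging columns.
-- The passwords in the GRANT statements are the ones printed on this page: replace
-- them with your own values and keep /etc/nss-mysql.conf and /etc/nss-mysql-root.conf
-- in sync.
-- GRANT ... IDENTIFIED BY creates the account implicitly; MySQL 8.0 removed that
-- form, so there the accounts must be created with CREATE USER first.
GRANT SELECT (user_name, user_id, uid, gid, realname, shell, homedir, status)
    ON user TO nss@localhost IDENTIFIED BY 'ieopurASDF';
GRANT SELECT (group_name, group_id, gid, group_password, status)
    ON `groups` TO nss@localhost IDENTIFIED BY 'ieopurASDF';
GRANT SELECT (user_id, group_id)
    ON user_group TO nss@localhost IDENTIFIED BY 'ieopurASDF';

-- Account "nss-shadow": may additionally read the password hash and aging columns.
GRANT SELECT (user_name, password, user_id, uid, gid, realname, shell, homedir, status,
              lastchange, min, max, warn, inact, expire)
    ON user TO 'nss-shadow'@localhost IDENTIFIED BY 'ruASDFDER';
-- NOTE(review): UPDATE on uid, gid, shell and homedir is wider than a password change
-- needs; anyone holding this credential can turn a row into a uid-0 account. Consider
-- narrowing the column list once it is clear which columns are really updated.
GRANT UPDATE (user_name, password, user_id, uid, gid, realname, shell, homedir, status,
              lastchange, min, max, warn, inact, expire)
    ON user TO 'nss-shadow'@localhost IDENTIFIED BY 'ruASDFDER';

-- Not required after GRANT (privileges take effect immediately); kept as on the page.
FLUSH PRIVILEGES;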
pokud chceme i logovani, tak tabulka
-- Optional audit table written by pam_mysql when sqllog=true; the column names match
-- the log*column options in the PAM lines on this page.
-- NOTE(review): `user` stores whatever was typed at the login prompt, which can include
-- a password entered in the wrong field - limit who may read this table.
-- NOTE(review): the zero-date default is rejected by servers running in strict mode
-- with NO_ZERO_DATE enabled.
CREATE TABLE `log` (
    `msg`  VARCHAR(50)  NOT NULL DEFAULT '',
    `user` VARCHAR(50)  NOT NULL DEFAULT '',
    `pid`  INT(11)      NOT NULL DEFAULT '0',
    `host` VARCHAR(100) NOT NULL DEFAULT '',
    `time` DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00'
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
upravit /etc/nsswitch.conf – pridat mysql za passwd, group a shadow, takhle
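# /etc/nsswitch.conf takes one database per line (the line breaks were lost on this page).
# Sources are consulted left to right: "compat" (the local files) first, then MySQL,
# so with the default lookup behaviour a local entry wins over a MySQL row of the same name.
passwd: compat mysql
group:  compat mysql
shadow: compat mysql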
a zmenit heslo v souborech
/etc/nss-mysql.conf
/etc/nss-mysql-root.conf
citelny jen pro roota
# Mode 600 = read/write for the file's owner only; this gives "root only" access
# provided the file is owned by root (check with ls -l).
# /etc/nss-mysql.conf is left at its existing mode by this step.
chmod 600 /etc/nss-mysql-root.conf
a nakonec upravit soubory v /etc/pam.d (pridat dane radky nahoru nad per-package moduly)
pro ostre nasazeni odebrat logovani a verbose=1
common-password
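# /etc/pam.d/common-password: password changes are written to the MySQL user table.
# The trailing backslashes are line continuations; the line breaks after them were
# lost on this page and are restored here.
#
# NOTE(review): user=root / passwd=... is the MySQL root login, kept in a file under
#   /etc/pam.d that is normally readable by every local user. A dedicated MySQL account
#   limited to the columns this line needs (the page's GRANTs already create
#   'nss-shadow'; sqllog=true additionally needs INSERT on the log table) exposes far
#   less if the file leaks. The password shown is the one printed on this page - do not reuse it.
# NOTE(review): crypt=3 selects plain, unsalted MD5 in pam_mysql; per the pam_mysql
#   README md5=true only affects crypt(3) mode, so it appears to have no effect here.
# NOTE(review): "sufficient" ends the stack on success, so modules listed after this
#   line are not consulted for a successful MySQL-backed change.
# verbose=1 and the sqllog/log* options are for debugging; drop them for production.
password sufficient pam_mysql.so nullok verbose=1 user=root \
    passwd=spc29 db=nss table=user usercolumn=user_name passwdcolumn=password \
    crypt=3 md5=true \
    sqllog=true logtable=log logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=time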
common-auth
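# /etc/pam.d/common-auth: logins are checked against the MySQL user table.
# The trailing backslashes are line continuations; the line breaks after them were
# lost on this page and are restored here.
#
# NOTE(review): user=root / passwd=... is the MySQL root login, kept in a file under
#   /etc/pam.d that is normally readable by every local user. Authentication only needs
#   to read the user-name, password and status columns (plus INSERT on the log table
#   while sqllog=true), so a dedicated low-privilege MySQL account is enough.
#   The password shown is the one printed on this page - do not reuse it.
# NOTE(review): crypt=3 selects plain, unsalted MD5 in pam_mysql; per the pam_mysql
#   README md5=true only affects crypt(3) mode, so it appears to have no effect here.
# NOTE(review): "sufficient" ends the auth stack on success, so a matching MySQL row
#   alone is enough to authenticate.
# verbose=1 and the sqllog/log* options are for debugging; drop them for production.
auth sufficient pam_mysql.so user=root verbose=1 \
    passwd=spc29 db=nss table=user usercolumn=user_name passwdcolumn=password \
    statcolumn=status crypt=3 md5=true sqllog=true logtable=log logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=time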
zdroje: