티스토리 뷰
728x90
반응형
1.LDAP User Authentication
* Configure ldap client for authentication.
==========================================
1)/etc/nsswitch.conf
==
passwd : files ==> files sss (ssl ldap)
shadow : ...
2)Search /etc/passwd (First, if no user, move to ldap)
3)Search LDAP
* Check pass mapper
=========================
# getent passwd ldapuser1
==> First, check file and ldap because passwd means it should find /etc/nsswitch.conf file.
So search file and ldap step by step.
It can not find ldapuser1 in file but find in ldap.
*Auto mount
==============================
In order to reduce network load,
==> Auto mount
1) NFS Clinet Feature
2) If need, mount it automatically but the opposite, unmount it automatically.
3) how to
#/etc/auto.master
mnt_point map_file (resource : /etc)
/dir1 map1
#/etc/map1
/dir2 inst:/var/nfs
# service autofs restart
# cd /dir1/dir2
=>(Note) inactive of the mount during 10 mins, it will be unmounted.
Regular Expression,
==> #/etc/map1
* inst:/var/& (& means the value right before used value.)
(Here==>*)
*Input Method (한글 사용하기)
==========================
#yum groupinstall 'Input Method'
==> inut method tab => Add Korean
==> Advanced tab => Share the same input method among all applications 클릭
*SSH key로 로그인하기
===================
Client ---------> Server
ssh-key-gen pub/pri
ssh-copy-id copy pub--------> pub
Steps)
1. ssh-key-gen
2. ssh-copy-id server1 (ssh-copy-id -i /home/jooho/.ssh/test_rsa.pub root@desktop1)
(/etc/ssh/sshd_config 설정파일)
만약 private 키가 노출되었을 경우를 대비해서 private key자체에 암호를 걸수 있다.
그런데 이러면 매번 암호를 넣어야 하는 불편함이 있다.
ssh-add/ssh-agent를 통해서 캐쉬에 담아두고 컴퓨터가 켜져 있는 동안에는 매번 암호를 넣지 않게 만들수 있다.
Steps)
* Configure ldap client for authentication.
==========================================
1)/etc/nsswitch.conf
==
passwd : files ==> files sss (ssl ldap)
shadow : ...
2)Search /etc/passwd (First, if no user, move to ldap)
3)Search LDAP
* Check pass mapper
=========================
# getent passwd ldapuser1
==> First, check file and ldap because passwd means it should find /etc/nsswitch.conf file.
So search file and ldap step by step.
It can not find ldapuser1 in file but find in ldap.
*Auto mount
==============================
In order to reduce network load,
==> Auto mount
1) NFS Clinet Feature
2) If need, mount it automatically but the opposite, unmount it automatically.
3) how to
#/etc/auto.master
mnt_point map_file (resource : /etc)
/dir1 map1
#/etc/map1
/dir2 inst:/var/nfs
# service autofs restart
# cd /dir1/dir2
=>(Note) inactive of the mount during 10 mins, it will be unmounted.
Regular Expression,
==> #/etc/map1
* inst:/var/& (& means the value right before used value.)
(Here==>*)
*Input Method (한글 사용하기)
==========================
#yum groupinstall 'Input Method'
==> inut method tab => Add Korean
==> Advanced tab => Share the same input method among all applications 클릭
*SSH key로 로그인하기
===================
Client ---------> Server
ssh-key-gen pub/pri
ssh-copy-id copy pub--------> pub
Steps)
1. ssh-key-gen
2. ssh-copy-id server1 (ssh-copy-id -i /home/jooho/.ssh/test_rsa.pub root@desktop1)
(/etc/ssh/sshd_config 설정파일)
만약 private 키가 노출되었을 경우를 대비해서 private key자체에 암호를 걸수 있다.
그런데 이러면 매번 암호를 넣어야 하는 불편함이 있다.
ssh-add/ssh-agent를 통해서 캐쉬에 담아두고 컴퓨터가 켜져 있는 동안에는 매번 암호를 넣지 않게 만들수 있다.
Steps)
| [root@desktop1 ~]# ssh-agent SSH_AUTH_SOCK=/tmp/ssh-sWZYe18375/agent.18375; export SSH_AUTH_SOCK; SSH_AGENT_PID=18376; export SSH_AGENT_PID; echo Agent pid 18376; [root@desktop1 ~]# ssh-add Enter passphrase for /root/.ssh/id_rsa: Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa) [root@desktop1 ~]# ssh server1 Last login: Mon Apr 14 11:46:43 2014 from desktop1.example.com |
반응형
'IT > RHEL' 카테고리의 다른 글
| [RHCE] Bash Scripting (0) | 2014.08.07 |
|---|---|
| [RHCE] 사용자 보안 향상 (0) | 2014.08.07 |
| [RHCE] Red Hat 교육 정리 2 (0) | 2014.08.07 |
| [RHEL] 시스템 모니터링 및 로그 (0) | 2014.08.07 |
| [RHEL] NTP 서버 설정 (0) | 2014.08.07 |
댓글
250x250
반응형
공지사항
최근에 올라온 글
최근에 달린 댓글
- Total
- Today
- Yesterday
링크
TAG
- Red Hat
- redhat
- 정착서비스
- 토론토정착서비스
- Jay
- 온타리오
- 밀튼
- basement
- 부동산분석
- RHEL
- 부모님초청이민
- docker
- 인터넷
- ansible
- 벌링턴
- BTBS
- RHCE
- Certificate
- certification
- TORONTO
- cert
- 캐나다
- git proGit
- 우드워킹
- 토론토
- Canada
- 옥빌
- 캐나다부동산
- BC주
- 미시사가
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 |
글 보관함