[RHCE] LDAP User Authentication
트래이닝맨
2014. 8. 7. 15:03
1. LDAP User Authentication
* Configure ldap client for authentication.
==========================================
1) /etc/nsswitch.conf
==
passwd : files ==> files sss (ssl ldap)
shadow : ...
2) Search /etc/passwd (first; if the user is not there, move on to LDAP)
3) Search LDAP
* Check pass mapper
=========================
# getent passwd ldapuser1
==> getent looks up the passwd entry in /etc/nsswitch.conf, so it checks the local files first and then LDAP,
in that order.
It cannot find ldapuser1 in the files but finds it in LDAP.
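The lookup order described above is also a security property: with files ahead of sss, a local /etc/passwd entry answers before the directory is ever consulted. The following added example (not from the original post) reads that order from an nsswitch.conf-style file and lists accounts defined in both places; the function names, sample files and UIDs are constructed for illustration.

```shell
# Added example, not from the original post. All file contents are constructed.

# Print the sources for one database in lookup order, e.g. "files sss".
# $1 = database name, $2 = nsswitch.conf-style file
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, "")                          # strip comments
          i = index($0, ":"); if (!i) next
          name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
          if (name != db) next
          rest = substr($0, i + 1)
          gsub(/\[[^]]*\]/, " ", rest)            # drop [NOTFOUND=return] actions
          n = split(rest, src, " "); out = ""
          for (k = 1; k <= n; k++) out = (k > 1 ? out " " : "") src[k]
          print out; exit }' "$2"
}

# Succeed if "files" is listed ahead of the directory source.
# $1 = database, $2 = directory source (sss or ldap), $3 = nsswitch file
files_before() {
    for s in $(nss_sources "$1" "$3"); do
        case "$s" in
            files) return 0 ;;
            "$2")  return 1 ;;
        esac
    done
    return 1
}

# Accounts defined both locally and in the directory, as name:local_uid:dir_uid.
# With files first, the local entry answers and the directory one is never used.
# $1 = local passwd file, $2 = passwd-format dump of directory accounts
shadowed_accounts() {
    awk -F: 'FILENAME == ARGV[1] { uid[$1] = $3; next }
             $1 in uid { print $1 ":" uid[$1] ":" $3 }' "$1" "$2"
}

# Constructed sample data, so the example runs without an LDAP server.
demo=$(mktemp -d)
printf 'passwd : files sss   # local first\nshadow: files sss\n' > "$demo/nsswitch"
printf 'root:x:0:0::/root:/bin/bash\nldapuser1:x:500:500::/tmp:/bin/bash\n' > "$demo/local"
printf 'ldapuser1:*:1701:1701::/home/guests/ldapuser1:/bin/bash\n' > "$demo/dir"

nss_sources passwd "$demo/nsswitch"          # files sss
files_before passwd sss "$demo/nsswitch" && echo "files precedes sss"
shadowed_accounts "$demo/local" "$demo/dir"  # ldapuser1:500:1701
```

On a real client, pass /etc/nsswitch.conf and /etc/passwd, with the second file being a passwd-format export of the directory accounts.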
* Auto mount
==============================
In order to reduce network load,
==> Auto mount
1) NFS client feature
2) Mounts the share automatically when it is needed and unmounts it automatically when it is not.
3) How to
#/etc/auto.master
mnt_point map_file (resource : /etc)
/dir1 map1
#/etc/map1
dir2 inst:/var/nfs
# service autofs restart
# cd /dir1/dir2
=> (Note) If the mount is inactive for 10 mins, it is unmounted.
Regular Expression,
==> #/etc/map1
* inst:/var/& (& means the value that was just matched,
here ==> *)
* Input Method (using Korean)
==========================
# yum groupinstall 'Input Method'
==> Input Method tab => Add Korean
==> Advanced tab => click "Share the same input method among all applications"
* Logging in with an SSH key
===================
Client ---------> Server
ssh-keygen pub/pri
ssh-copy-id copy pub--------> pub
Steps)
1. ssh-keygen
2. ssh-copy-id server1 (ssh-copy-id -i /home/jooho/.ssh/test_rsa.pub root@desktop1)
(/etc/ssh/sshd_config is the configuration file)
In case the private key is ever exposed, the private key itself can be protected with a passphrase.
The drawback is that the passphrase then has to be typed every time.
With ssh-add/ssh-agent the key can be cached so that the passphrase does not have to be entered each time while the computer is on.
Steps)
[root@desktop1 ~]# ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-sWZYe18375/agent.18375; export SSH_AUTH_SOCK;
SSH_AGENT_PID=18376; export SSH_AGENT_PID;
echo Agent pid 18376;
[root@desktop1 ~]# ssh-add
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@desktop1 ~]# ssh server1
Last login: Mon Apr 14 11:46:43 2014 from desktop1.example.com