Network System Laboratory - Backup diff of sssd vs current(No. 1)

View the diff.
View the source.
Go to sssd.

--- 1: 2021-06-26 (Sat) 12:19:53 iseki
+++ Cur: 2021-07-05 (Mon) 10:55:33 iseki
@@ Line 1: / Line 1: @@
- # cat /etc/sssd/sssd.conf
+** SSSD [#h3c7678c]
- [sssd]
+- System Security Services Daemon
- debug_level = 0
+- [[LDAP]] を使用した認証が可能．キャッシュサーバ一体型．
- config_file_version = 2
- services = nss, sudo, pam, autofs, ssh
- domains = default
- [domain/default]
+#br
- enumerate = true
- id_provider = ldap
- auth_provider = ldap
- #access_provider = permit
- chpass_provider = ldap
+*** Getting Start [#yd2c55ab]
- sudo_provider = ldap
- ldap_uri = ldap://202.26.150.51/
- ldap_search_base = dc=nsl,dc=tuis,dc=ac,dc=jp
- ldap_id_use_start_tls = False
- ldap_search_timeout = 3
- ldap_network_timeout = 3
- ldap_opt_timeout = 3
- ldap_enumeration_search_timeout = 60
- ldap_enumeration_refresh_timeout = 300
- ldap_connection_expire_timeout = 600
- ldap_sudo_smart_refresh_interval = 600
- ldap_sudo_full_refresh_interval = 10800
- entry_cache_timeout = 1200
- #cache_credentials = True
- cache_credentials = False
- ldap_tls_reqcert = never
- ldap_default_bind_dn = cn=Manager
+- getent shadow が使えなくても，認証可能!
- ldap_default_authtok = ******
+#br
- ldap_tls_cacertdir = /etc/openldap/cacerts
+****設定ファイル [#q45b6791]
-&nbsp;autofs_provider = ldap
+- [[authconfig&gt;authselect]],  authconfig-uti コマンドでデフォルトの設定ファイルを用意してくくれる
+-- CentOS8 では [[authselect]] になった． authconfig-uti は削除．
+-- # authselect select sssd
-&nbsp;[nss]
+- /etc/sssd/[[sssd.conf&gt;./sssd.conf]]        　 (''-rw------- 1 root root'')
- homedir_substring = /home
+- /etc/nsswitch.conf
- entry_negative_timeout = 20
+-- sss を追加
-&nbsp;entry_cache_nowait_percentage = 50
+- [[/etc/pam.d&gt;PAM]]/*
+- /etc/sysconfig/authconfig
+-- 手動：SSSD関連を yes, LDAP関連を no　（手動は意味ないかも知れない．ない気がする．参考程度に記す）
+#br
+**** 起動 [#w0e57382]
+- # systemctl start sssd
+#br
- [pam]
+**** 全キャッシュのクリア [#d444b6da]
+- # systemctl stop sssd
+- # \rm /var/lib/sss/db/*
+- # systemctl start sssd
+#br
- [sudo]
+**** 検証 [#q4eaec9b]
+- 要 sssd-tools
- [autofs]
+ # sssctl domain-status default
+#br
-[ssh]
+*** [[PAM]] [#t20d7915]
-[pac]
+**** system-auth [#c33cbec0]
+ auth        required      pam_env.so
+ auth        required      pam_faildelay.so delay=2000000
+ auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
+ auth        [default=1 ignore=ignore success=ok] pam_localuser.so
+ auth        sufficient    pam_unix.so nullok try_first_pass
+ auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
+ auth        sufficient    pam_sss.so forward_pass
+ auth        required      pam_deny.so
+ account     required      pam_unix.so broken_shadow
+ account     sufficient    pam_localuser.so
+ account     sufficient    pam_succeed_if.so uid < 1000 quiet
+ account     [default=bad success=ok user_unknown=ignore] pam_sss.so
+ account     required      pam_permit.so
+ password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
+ password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
+ password    sufficient    pam_sss.so use_authtok
+ password    required      pam_deny.so
+ session     optional      pam_keyinit.so revoke
+ session     required      pam_limits.so
+ -session     optional      pam_systemd.so
+ session     optional      pam_oddjob_mkhomedir.so umask=0077
+ session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+ session     required      pam_unix.so
+ session     optional      pam_sss.so
+**** password-auth [#x8b5ec4d]
+ auth        required      pam_env.so
+ auth        required      pam_faildelay.so delay=2000000
+ auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
+ auth        [default=1 ignore=ignore success=ok] pam_localuser.so
+ auth        sufficient    pam_unix.so nullok try_first_pass
+ auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
+ auth        sufficient    pam_sss.so forward_pass
+ auth        required      pam_deny.so
+ account     required      pam_unix.so broken_shadow
+ account     sufficient    pam_localuser.so
+ account     sufficient    pam_succeed_if.so uid < 1000 quiet
+ account     [default=bad success=ok user_unknown=ignore] pam_sss.so
+ account     required      pam_permit.so
+ password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
+ password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
+ password    sufficient    pam_sss.so use_authtok
+ password    required      pam_deny.so
+ session     optional      pam_keyinit.so revoke
+ session     required      pam_limits.so
+ -session     optional      pam_systemd.so
+ session     optional      pam_oddjob_mkhomedir.so umask=0077
+ session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+ session     required      pam_unix.so
+ session     optional      pam_sss.so

Backup list of sssd
Backup diff of sssd vs current(No. All)
- 1: 2021-06-26 (Sat) 12:19:53 iseki
- 2: 2021-06-26 (Sat) 12:32:13 iseki
- 3: 2021-06-26 (Sat) 18:35:06 iseki
- 4: 2021-06-27 (Sun) 21:48:43 iseki
- 5: 2021-06-29 (Tue) 11:13:02 iseki
- 6: 2021-06-29 (Tue) 14:28:55 iseki

Backup diff of sssd vs current(No. 1)

Site Search

Login

Sub Menu

Books

mini Calendar

Who's Online

Access Counter