User Tools

Site Tools


linux:arch_ad_backend

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
linux:arch_ad_backend [2016/10/19 18:04]
walter [Packages]
linux:arch_ad_backend [2018/06/11 12:25]
bmiddha
Line 9: Line 9:
 pam-krb5 pam-krb5
  
-acm-pam ([[linux:​acm_custom_repo|acm repo]]) 
- 
-acm-admins-sudo ([[linux:​acm_custom_repo|acm repo]]) 
 ====== Configs ====== ====== Configs ======
  
 ===== Kerberos ===== ===== Kerberos =====
  
-<​file|krb5.conf>​+<file|/etc/krb5.conf>​
 [libdefaults] [libdefaults]
         default_realm = ACM.CS         default_realm = ACM.CS
Line 41: Line 38:
  
 **Make sure nslcd.conf can only be read by root** **Make sure nslcd.conf can only be read by root**
-<​file|nslcd.conf>​+<file|/etc/nslcd.conf>​
 uid nslcd uid nslcd
 gid nslcd gid nslcd
Line 86: Line 83:
  
 Edit the passwd, shadow, and group lines to this Edit the passwd, shadow, and group lines to this
-<​file|nsswitch.conf>​+<file|/etc/nsswitch.conf>​
 passwd: files ldap [NOTFOUND=return] passwd: files ldap [NOTFOUND=return]
 shadow: files ldap [NOTFOUND=return] shadow: files ldap [NOTFOUND=return]
Line 101: Line 98:
  
 To give admins sudo To give admins sudo
-<​file|sudoers>​+<file|/etc/sudoers.d/​AcmLanAdmins>
 %AcmLanAdmins ALL=(ALL) ALL %AcmLanAdmins ALL=(ALL) ALL
 </​file>​ </​file>​
  
-===== PAM =====+<​file|/​etc/​pam.d/​system-auth>​ 
 +auth      sufficient pam_ldap.so 
 +auth      required ​ pam_unix.so ​    ​try_first_pass nullok 
 +auth      optional ​ pam_permit.so 
 +auth      required ​ pam_env.so
  
-These files are in /etc/pam.d+account ​  ​sufficient pam_ldap.so 
 +account ​  ​required ​ pam_unix.so 
 +account ​  ​optional ​ pam_permit.so 
 +account ​  ​required ​ pam_time.so
  
-Force install acm-pam +password ​ sufficient pam_ldap.so 
-<​code>​ +password ​ required ​ pam_unix.so ​    ​try_first_pass nullok sha512 shadow 
-pacman -S --force acm-pam +password ​ optional ​ pam_permit.so
-</​code>​+
  
-This will install a working PAM stack for auth against the ACM AD domain+session ​  ​required ​ pam_limits.so 
 +session ​  ​required ​ pam_unix.so 
 +session ​  ​optional ​ pam_ldap.so 
 +session ​  ​optional ​ pam_permit.so 
 +</​file>​
linux/arch_ad_backend.txt · Last modified: 2018/06/14 21:11 by bmiddha