This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux:arch_ad_backend [2018/06/01 03:17] bmiddha |
linux:arch_ad_backend [2021/05/02 21:36] (current) |
||
---|---|---|---|
Line 3: | Line 3: | ||
====== Packages ====== | ====== Packages ====== | ||
- | nss-pam-ldapd | + | <code>pacman -S nss-pam-ldapd krb5 pam-krb5</code> |
- | krb5 | ||
- | |||
- | pam-krb5 | ||
- | |||
- | acm-pam ([[linux:acm_custom_repo|acm repo]]) | ||
- | |||
- | acm-admins-sudo ([[linux:acm_custom_repo|acm repo]]) | ||
====== Configs ====== | ====== Configs ====== | ||
Line 101: | Line 94: | ||
To give admins sudo | To give admins sudo | ||
- | <file|sudoers> | + | <file|/etc/sudoers.d/AcmLanAdmins> |
%AcmLanAdmins ALL=(ALL) ALL | %AcmLanAdmins ALL=(ALL) ALL | ||
</file> | </file> | ||
- | ===== PAM ===== | + | <file|/etc/pam.d/system-auth> |
+ | auth sufficient pam_ldap.so | ||
+ | auth required pam_unix.so try_first_pass nullok | ||
+ | auth optional pam_permit.so | ||
+ | auth required pam_env.so | ||
- | These files are in /etc/pam.d | + | account sufficient pam_ldap.so |
+ | account required pam_unix.so | ||
+ | account optional pam_permit.so | ||
+ | account required pam_time.so | ||
- | Force install acm-pam | + | password sufficient pam_ldap.so |
- | <code> | + | password required pam_unix.so try_first_pass nullok sha512 shadow |
- | pacman -S --force acm-pam | + | password optional pam_permit.so |
- | </code> | + | |
- | This will install a working PAM stack for auth against the ACM AD domain | + | session required pam_limits.so |
+ | session required pam_unix.so | ||
+ | session optional pam_ldap.so | ||
+ | session optional pam_permit.so | ||
+ | </file> |