{{From|https://help.ubuntu.com/community/PamCcredsHowto}}
{{Languages|UbuntuHelp:PamCcredsHowto}}
Instructions to install & configure libpam-ccreds on Ubuntu 5.10
=== Preface ===
==== Cached Credentials? ====
Cached credentials are very useful for mobile computers (e.g. notebooks) on which user authentication is done via an LDAP server. With cached credentials you are still able to authenticate with your usual login credentials when the LDAP server is not reachable.<br>
==== Warning! ====
The packages needed for this feature are linked against libdb. In my experience, all packages need to be linked against the same libdb to make everything work properly. This is not the case with Ubuntu 5.10, where the installed packages would be the following:
{|border="1" cellspacing="0"
|libnss-db||2.2-6.3ubuntu1||libdb3
|-
|libpam-ccreds||1-3||libdb4.3
|-
|nss-updatedb||4-1||libdb4.3
|}
Instead of libnss-db (2.2-6.3) I installed libnss-db (2.2.3) from the current Debian testing (etch).
{|border="1" cellspacing="0"
|libnss-db||2.2.3pre1-1||libdb4.3
|}
=== nss-updatedb ===
Caches name service directories (passwd and group) locally in /var/lib/misc/passwd.db and /var/lib/misc/group.db.
To install the package, open a terminal and type:
<pre><nowiki>
sudo apt-get install nss-updatedb
</nowiki></pre>
When a connection to the LDAP server is available, run
<pre><nowiki>
sudo nss_updatedb ldap
</nowiki></pre>
once to create/update the passwd and group cache. If this is the first time you run this command, check that /var/lib/misc/passwd.db and /var/lib/misc/group.db have been created. You should add a cron job that does this task for you once in a while.
=== libnss-db ===
NSS module for using Berkeley Databases as a naming service.<br>
This is needed to enable NSS to read the cached name service directories (passwd and group). As mentioned above, the libnss-db package from breezy/main is linked against libdb3 and will ''not'' work with nss-updatedb from breezy/universe.
To circumvent this problem we need a package that is linked against libdb4.3 and causes no further dependencies. I recommend the libnss-db package from Debian testing (etch), which can be downloaded from [http://packages.debian.org/testing/admin/libnss-db].
To install the package, open a terminal and type:
<pre><nowiki>
sudo dpkg -i libnss-db_2.2.3pre1-1_i386.deb
</nowiki></pre>
(The package in Gutsy has the right version, so you can just apt-get install libnss-db.)
Edit /etc/nsswitch.conf:
<pre><nowiki>
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
</nowiki></pre>
''[NOTFOUND=return]'' is just added for performance reasons. If PAM finds the user in the LDAP directory, searching stops.
You can test whether passwd and group are cached properly by disconnecting the network connection (e.g. ifdown eth0) and typing:
<pre><nowiki>
sudo getent passwd
</nowiki></pre>
This should return the local users plus the users from the LDAP server cached in passwd.db.
=== libpam-ccreds ===
PAM module to cache authentication credentials (i.e. passwords) locally in /var/cache/.shadow.db.
To install the package, open a terminal and type:
<pre><nowiki>
sudo apt-get install libpam-ccreds
</nowiki></pre>
<pre><nowiki>
auth [success=done default=ignore] pam_unix.so nullok_secure
auth [authinfo_unavail=ignore success=done default=ignore] pam_ldap.so use_first_pass debug
auth [default=done] pam_ccreds.so action=validate use_first_pass
</nowiki></pre>
=== Editing the PAM File ===
You need to edit /etc/pam.d/common-auth as follows:
<pre><nowiki>
auth [success=done default=ignore] pam_unix.so nullok_secure try_first_pass
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
auth [default=bad] pam_ccreds.so action=update
</nowiki></pre>
If you get an error after "You have been logged on using cached credentials" saying "Authentication service cannot retrieve authentication info", you might need to make some more changes to your common-account file. This seems to affect only Feisty. You need to add the following line to /etc/pam.d/common-account:
<pre><nowiki>
account required pam_permit.so
</nowiki></pre>
If you are using Gutsy, you should have these lines in /etc/pam.d/common-account instead:
<pre><nowiki>
account [user_unknown=ignore authinfo_unavail=ignore default=done] pam_unix.so
account [user_unknown=ignore authinfo_unavail=ignore default=done] pam_ldap.so
account required pam_permit.so
</nowiki></pre>
After the file is adjusted properly, you must log in once while connected to the LDAP server so that libpam-ccreds stores your password. After that you will be able to log in as usual while not connected to the LDAP server.
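The control flow of the common-auth stack above, as an added example that is not part of the original howto: a simplified Python model of how the bracketed control values route a login through pam_unix, pam_ldap and the three pam_ccreds actions. The per-module return codes in SCENARIOS are constructed inputs, and pam_ccreds action=update returning success is an assumption.

```python
import re

# The common-auth stack from this page, verbatim.
STACK = """\
auth [success=done default=ignore] pam_unix.so nullok_secure try_first_pass
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
auth [default=bad] pam_ccreds.so action=update
"""

def parse(stack):
    """Turn each line into (label, {return_code: action})."""
    rules = []
    for line in stack.splitlines():
        m = re.match(r"auth\s+\[([^\]]+)\]\s+(\S+)(.*)", line)
        control = dict(kv.split("=") for kv in m.group(1).split())
        act = re.search(r"action=(\w+)", m.group(3))
        rules.append((m.group(2) + (":" + act.group(1) if act else ""), control))
    return rules

def authenticate(results, stack=STACK):
    """results: module label -> return code name (constructed scenario input).
    Returns (granted, labels of the modules that ran). Simplified model of libpam."""
    rules, i, ran, verdict = parse(stack), 0, [], None   # None: nobody voted yet
    while i < len(rules):
        label, control = rules[i]
        code = results[label]
        ran.append(label)
        action = control.get(code, control["default"])
        if action in ("ok", "done") and verdict is not False:
            verdict = code == "success"       # the module's result becomes the stack's
            if action == "done":
                break                         # done: return to the application now
        elif action in ("bad", "die"):
            verdict = False                   # failure sticks, whatever the module returned
            if action == "die":
                break
        # A number N skips the next N modules (modelled here as a pure skip).
        i += 1 + (int(action) if action.isdigit() else 0)
    return bool(verdict), ran

# Constructed scenarios for a user that exists only in LDAP (pam_unix: user_unknown).
BASE = {"pam_unix.so": "user_unknown"}
SCENARIOS = {
    "online, good password": {**BASE, "pam_ldap.so": "success", "pam_ccreds.so:store": "success"},
    # Assumption: action=update itself returns success; [default=bad] still denies.
    "online, bad password": {**BASE, "pam_ldap.so": "auth_err", "pam_ccreds.so:update": "success"},
    "offline, cached match": {**BASE, "pam_ldap.so": "authinfo_unavail", "pam_ccreds.so:validate": "success"},
    "offline, no match": {**BASE, "pam_ldap.so": "authinfo_unavail", "pam_ccreds.so:validate": "auth_err"},
}

if __name__ == "__main__":
    for name, results in SCENARIOS.items():
        print(name, "->", authenticate(results))
```

In this model the cache is consulted only when pam_ldap reports authinfo_unavail; a password rejected by a reachable server is routed to action=update and the login is denied.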
=== Further Information ===
/usr/share/doc/nss-updatedb/*<br>
/usr/share/doc/libpam-ccreds/*<br>
[http://www.padl.com/OSS/nss_updatedb.html]<br>
[http://www.padl.com/OSS/pam_ccreds.html]<br>
[http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html]<br>

[[category:CategoryDocumentation]] [[category:CategoryCleanup]] [[category:UbuntuHelp]]