广州网站建设推广服务,网站数据包如何做架构,临沂森拓网络科技有限公司,自己开发app挣钱吗时间#xff1a;2017.11.16作者#xff1a;李强参考#xff1a;man,info#xff0c;magedu讲义声明#xff1a;以下英文纯属个人翻译#xff0c;英文B级#xff0c;欢迎纠正#xff0c;盗版不纠,才能有限#xff0c;希望不误人子弟为好。1、使用目的与场景先列在这里2017.11.16作者李强参考man,infomagedu讲义声明以下英文纯属个人翻译英文B级欢迎纠正盗版不纠,才能有限希望不误人子弟为好。1、使用目的与场景 先列在这里以后就知道怎么用了2、官方说明 an interface for configuring system authentication resources3、写在前面 现在用authconfig --passalgosha256 --update 来更新加密算法 4、修改文件及涉及的环境变量 /etc/sysconfig/authconfig用于跟踪是否启用了特定的身份验证机制。目前包括变量名为 USESHADOW, USEMD5,USEKERBEROS, USELDAPAUTH, USESMBAUTH, USEWINBIND,USEWINBINDAUTH、USEHESIOD、USENIS、USELDAP等其他/etc/passwd/etc/shadowUsed for shadow password support./etc/yp.confConfiguration file for NIS support./etc/sysconfig/networkAnother configuration file for NIS support./etc/ldap.conf/etc/nss_ldap.conf/etc/pam_ldap.conf/etc/nslcd.conf/etc/openldap/ldap.conf用于配置 nss_ldap、pam_ldap、nslcd 和 OpenLDAP 库。仅当经存在系统上的文件被更改。/etc/krb5.conf 用于Kerberos 5. /etc/hesiod.conf 用于配置Hesiod /etc/samba/smb.conf 用于配置 winbind 身份验证 /etc/nsswitch.conf 用于配置用户信息服务 /etc/login.defs 用于配置用户帐户的参数 (常规用户的最小UID, 密码哈希算法) /etc/pam.d/system-auth用于系统服务的通用 PAM 配置,其中包括使用 include指令只能被添加软链接不能被添加硬链接 /etc/pam.d/system-auth-ac 包含系统服务的实际 PAM 配置, 并且是/etc/pam.d/system-auth的符号链接如果创建了PAM的本地配置 (并symlinked从system-auth文件)该文件就会被包含在那里。 5、用法NAME系统验证资源配置的一个接口authconfig-tui是简单的图形化配置界面就好像setup一样的。
SYNOPSISauthconfig[options] {--update|--updateall|--test|--probe|--restorebackupname|--savebackup name|--restorelastbackup}
DESCRIPTIONauthconfig提供了一个简单的方式去配置 /etc/sysconfig/network去支持NIS功能,也为/etc/passwd和/etc/shadow提供密码策略方面的支持同时也支持Basic LDAP, Kerberos 5, 和Winbind 客户端的配置。 --test参数的话authconfig可以被除了root意外的用户使用任何改变都不会被保存只会被打印出来看下效果。--update参数的话就必须是root权限用户配置会被保存仅仅修改的文件会被重新写入--updateall参数的话同上但是所有的配置文件都会被修改--probe 使用DNS或者其他的方式来猜测当前主机的配置如果找到就通过STDOUT输出然后退出--restorebackup --savebackup --restorelastbackup参数提供了保存和恢复被authconfg修改的文件的可能authconfig每次操作前也会自动备份配置文件信息这个备份信息可以被--restorelastbackup恢复以下是一些options如果指定了--nostart (这是安装程序所做的), ypbind 或其他守护进程将不会启动
或在程序执行后立即停止, 但只在启动时启用或停止。
--enablenis,--enableldap,--enablewinbind, 和--enablehesiod选项用于配置用户的信息服务
/etc/nsswitch.conf, --enablecache 选项用于配置命名服务缓存,
--enableshadow,--enableldapauth,--enablekrb5, --enablewinbindauth 选项用于配置
认证功能通过/etc/pam.d/system-auth。
每一个--enable都对应一个--disable选项
用于存储新密码哈希值的算法可以由 --passalgo 选项指定, 它采用
下列可能的值作为参数: descrypt、bigcrypt、md5、sha256 和 sha512。
--enablelocauthorize 选项允许绕过检查网络认证服务的授权
--enablesysnetauth 允许这些服务对系统帐户 (uid 500或者1000(centos7) 进行身份验证。
当配置设置允许用户信息服务和身份验证使用 SSSD 时, SSSD将自动使用,而不是老的服务
SSSD 配置将被设置, 所以有一个使用连接服务所需的设置填充的默认域。
--enablesssd和--enablesss 选项强制添加SSSD到/etc/nsswitch.conf and /etc/pam.d/system-auth,
但它们不设置SSSD 配置文件中的域。 SSSD配置必须手动设置。允许的配置SSSD 服务的配给是:
LDAP为用户信息(-enableldap)和任一LDAP(--enableldapauth),或 Kerberos(--enablekrb5)
进行身份验证。
如果 SSSD不支持站点配置所需的旧式服务的某些功能,
通过在/etc/sysconfig/authconfig中设置 FORCELEGACYyes , 可以强制使用旧式服务。
在手册页中提到的选项列表不是详尽无遗的, 请参考 authconfig--help 完整的列表authconfig--tui支持authconfig所有的选项,但它意味着--update作为默认操作。
它的窗口默认情况下包含Cancel按钮。如果在运行时指定了--back选项,则显示Back按钮而不是
Cancel.如果指定了--kickstart,将不会看到交互式屏幕。程序将使用的值将由其他选项
(-passalgo,-enableshadow, 等等)指定。对于namelist,您可以用单个名称或逗号分隔的名称列表替换。 以下是authconfig --help 的完整optionsOptions:-h, --help show this help message and exit--enableshadow, --useshadowenable shadowed passwords by default--disableshadow disable shadowed passwords by default--enablemd5, --usemd5enable MD5 passwords by default--disablemd5 disable MD5 passwords by default--passalgodescrypt|bigcrypt|md5|sha256|sha512hash/crypt algorithm for new passwords--enablenis enable NIS for user information by default--disablenis disable NIS for user information by default--nisdomaindomain default NIS domain--nisserverserver default NIS server--enableldap enable LDAP for user information by default--disableldap disable LDAP for user information by default--enableldapauth enable LDAP for authentication by default--disableldapauth disable LDAP for authentication by default--ldapserverserverdefault LDAP server hostname or URI--ldapbasedndn default LDAP base DN--enableldaptls, --enableldapstarttlsenable use of TLS with LDAP (RFC-2830)--disableldaptls, --disableldapstarttlsdisable use of TLS with LDAP (RFC-2830)--enablerfc2307bis enable use of RFC-2307bis schema for LDAP user information lookups--disablerfc2307bis disable use of RFC-2307bis schema for LDAP user information lookups--ldaploadcacertURLload CA certificate from the URL--enablesmartcard enable authentication with smart card by default--disablesmartcard disable authentication with smart card by default--enablerequiresmartcardrequire smart card for authentication by default--disablerequiresmartcarddo not require smart card for authentication by default--smartcardmodulemoduledefault smart card module to use--smartcardaction0Lock|1Ignoreaction to be taken on smart card removal--enablefingerprint enable authentication with fingerprint readers by default--disablefingerprint disable authentication with fingerprint readers by default--enablekrb5 enable kerberos authentication by default--disablekrb5 disable kerberos authentication by default--krb5kdcserver default kerberos KDC--krb5adminserverserverdefault kerberos admin server--krb5realmrealm default kerberos realm--enablekrb5kdcdns enable use of DNS to find kerberos KDCs--disablekrb5kdcdns disable use of DNS to find kerberos KDCs--enablekrb5realmdns enable use of DNS to find kerberos realms--disablekrb5realmdnsdisable use of DNS to find kerberos realms--enablewinbind enable winbind for user information by default--disablewinbind disable winbind for user information by default--enablewinbindauth enable winbind for authentication by default--disablewinbindauth disable winbind for authentication by default--smbsecurityuser|server|domain|adssecurity mode to use for samba and winbind--smbrealmrealm default realm for samba and winbind when securityads--smbserversserversnames of servers to authenticate against--smbworkgroupworkgroupworkgroup authentication servers are in--smbidmaprangelowest-highest, --smbidmapuidlowest-highest, --smbidmapgidlowest-highestuid range winbind will assign to domain or ads users--winbindseparator\the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabled--winbindtemplatehomedir/home/%D/%Uthe directory which winbind-created users will have as home directories--winbindtemplateprimarygroupnobodythe group which winbind-created users will have as their primary group--winbindtemplateshell/bin/falsethe shell which winbind-created users will have as their login shell--enablewinbindusedefaultdomainconfigures winbind to assume that users with no domain in their user names are domain users--disablewinbindusedefaultdomainconfigures winbind to assume that users with no domain in their user names are not domain users--enablewinbindofflineconfigures winbind to allow offline login--disablewinbindofflineconfigures winbind to prevent offline login--winbindjoinAdministratorjoin the winbind domain or ads realm now as this administrator--enableipav2 enable IPAv2 for user information and authentication by default--disableipav2 disable IPAv2 for user information and authentication by default--ipav2domaindomainthe IPAv2 domain the system should be part of--ipav2realmrealm the realm for the IPAv2 domain--ipav2serverserversthe server for the IPAv2 domain--enableipav2nontp do not setup the NTP against the IPAv2 domain--disableipav2nontp setup the NTP against the IPAv2 domain (default)--ipav2joinaccountjoin the IPAv2 domain as this account--enablewins enable wins for hostname resolution--disablewins disable wins for hostname resolution--enablepreferdns prefer dns over wins or nis for hostname resolution--disablepreferdns do not prefer dns over wins or nis for hostname resolution--enablehesiod enable hesiod for user information by default--disablehesiod disable hesiod for user information by default--hesiodlhslhs default hesiod LHS--hesiodrhsrhs default hesiod RHS--enablesssd enable SSSD for user information by default with manually managed configuration--disablesssd disable SSSD for user information by default (still used for supported configurations)--enablesssdauth enable SSSD for authentication by default with manually managed configuration--disablesssdauth disable SSSD for authentication by default (still used for supported configurations--enableforcelegacy never use SSSD implicitly even for supported configurations--disableforcelegacy use SSSD implicitly if it supports the configuration--enablecachecreds enable caching of user credentials in SSSD by default--disablecachecreds disable caching of user credentials in SSSD by default--enablecache enable caching of user information by default (automatically disabled when SSSD is used)--disablecache disable caching of user information by default--enablelocauthorize local authorization is sufficient for local users--disablelocauthorizeauthorize local users also through remote service--enablepamaccess check access.conf during account authorization--disablepamaccess do not check access.conf during account authorization--enablesysnetauth authenticate system accounts by network services--disablesysnetauth authenticate system accounts by local files only--enablemkhomedir create home directories for users on their first login--disablemkhomedir do not create home directories for users on their first login--nostart do not start/stop portmap, ypbind, and nscd--test do not update the configuration files, only print new settings--update, --kickstartopposite of --test, update configuration files with changed settings--updateall update all configuration files--probe probe network for defaults and print them--savebackupname save a backup of all configuration files--restorebackupnamerestore the backup of configuration files--restorelastbackup restore the backup of configuration files saved before the previous configuration change 转载于:https://blog.51cto.com/lajifeiwomoshu/1982378
