Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Bộ ba này đặt quyền truy cập cho các nhóm được gán cho tập tin. (Nhóm được thảo luận trong phần "treo ra trong các nhóm", sau này trong chương này.) Bộ ba thứ ba bao gồm các nhân vật thứ tám, thứ chín và thứ mười trong danh sách định dạng tập tin dài. | 40 modify your etc nsswitch.conf file to specify that the system obtains password and group information from the Windows domain controller. Correct entries would be the following passwd files winbind group files winbind This tells the name service switch to first check the local password and group files on the client system for authentication information and then check the winbindd daemon. This enables you to create local accounts when necessary giving these local accounts priority while still using Windows domain authentication for most accounts. 1.6.4. Integrating the pam_winbind.so PAM into System Authentication Unless you re using a Linux distribution such as Red Hat which provides a graphical tool for configuring system authentication system-config-auth shown in Figure 1-1 you ll need to manually modify the PAM configuration files for services that will authenticate using your Windows domain controller. At a minimum this is the login configuration file etc pam.d login and probably also the PAM configuration file for SSH logins etc pam.d sshd . Here s a sample PAM configuration file that uses Windows authentication to enable logins PAM-1.0 auth sufficient lib security pam_winbind.so auth required lib security pam_securetty.so auth required lib security pam_stack.so service system-auth use_ _first_pass auth required lib security pam_nologin.so account required lib security pam_stack.so service system-auth password required lib security pam_stack.so service system-auth session required lib security pam_stack.so service system-auth session optional lib security pam_console.so debug Figure 1-1. Red Hat s graphical application for configuring Windows authentication 40 41 Note that this PAM configuration file accepts Windows authentication as being sufficient to enable a login but then falls through to the standard Linux authentication sequence if this fails. This enables you to use a mixture of central authentication through the Windows domain controller and local .