1.4. Creating and deploying your own authselect profile
As a system administrator, you can create and deploy a custom profile by making a customized copy of one of the default profiles.
This is particularly useful if modifying a ready-made authselect profile is not enough for your needs. When you deploy a custom profile, the profile is applied to every user logging into the given host.
Procedure

1. Create your custom profile by using the authselect create-profile command. For example, to create a custom profile called user-profile based on the ready-made sssd profile but one in which you can configure the items in the /etc/nsswitch.conf file yourself:

   # authselect create-profile user-profile -b sssd --symlink-meta --symlink-pam
   New profile was created at /etc/authselect/custom/user-profile

   Including the --symlink-pam option in the command means that PAM templates will be symbolic links to the origin profile files instead of their copy; including the --symlink-meta option means that meta files, such as README and REQUIREMENTS, will be symbolic links to the origin profile files instead of their copy. This ensures that all future updates to the PAM templates and meta files in the original profile will be reflected in your custom profile, too.

   The command creates a copy of the /etc/nsswitch.conf file in the /etc/authselect/custom/user-profile/ directory.

2. Configure the /etc/authselect/custom/user-profile/nsswitch.conf file.

3. Select the custom profile by running the authselect select command, and adding custom/name_of_the_profile as a parameter. For example, to select the user-profile profile:

   # authselect select custom/user-profile

   Selecting the user-profile profile for your machine means that if the sssd profile is subsequently updated by Red Hat, you will benefit from all the updates with the exception of updates made to the /etc/nsswitch.conf file.

Example 1.1. Creating a profile
The following procedure shows how to create a profile based on the sssd profile which only consults the local static table lookup for hostnames in the /etc/hosts file, not in the dns or myhostname databases.

1. Edit the /etc/nsswitch.conf file by editing the following line:

   hosts: files

2. Create a custom profile based on sssd that excludes changes to /etc/nsswitch.conf:

   # authselect create-profile user-profile -b sssd --symlink-meta --symlink-pam

3. Select the profile:

   # authselect select custom/user-profile

4. Optionally, check that selecting the custom profile has

   - created the /etc/pam.d/system-auth file according to the chosen sssd profile
   - left the configuration in the /etc/nsswitch.conf unchanged:

     hosts: files

     Note
     Running authselect select sssd would, in contrast, result in hosts: files dns myhostname
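The optional check in Example 1.1 can be scripted. The following is an added example, not part of the original documentation: it parses an nsswitch.conf file and succeeds only if the hosts database consults the files source alone. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original documentation.

# nss_sources FILE DATABASE
# Print the sources configured for DATABASE, space-separated, ignoring
# comments and [STATUS=action] items. Returns 2 unless exactly one line
# defines DATABASE (this check rejects missing or duplicated entries).
nss_sources() {
    awk -v db="$2" '
        {
            sub(/#.*/, "")                 # strip comments
            gsub(/\[[^]]*\]/, " ")         # strip [NOTFOUND=return]-style actions
            if (!match($0, /^[ \t]*[A-Za-z0-9_]+[ \t]*:/)) next
            name = substr($0, 1, RLENGTH - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            $0 = substr($0, RLENGTH + 1)   # keep only the source list
            $1 = $1                        # normalise whitespace
            out = $0
            found++
        }
        END { if (found != 1) exit 2; print out }
    ' "$1"
}

# hosts_files_only FILE: succeed only if hosts consults the files source alone.
hosts_files_only() {
    [ "$(nss_sources "$1" hosts)" = "files" ]
}

# make_samples DIR: write two constructed nsswitch.conf files for the demo.
make_samples() {
    printf '%s\n' '# constructed: custom/user-profile selected' \
        'passwd: files sss' 'hosts:  files   # /etc/hosts only' > "$1/custom.conf"
    printf '%s\n' '# constructed: stock sssd profile selected' \
        'group:  files [SUCCESS=merge] sss' \
        'hosts:  files dns myhostname' > "$1/sssd.conf"
}

demo=$(mktemp -d)
make_samples "$demo"
for f in "$demo"/custom.conf "$demo"/sssd.conf; do
    if hosts_files_only "$f"; then
        echo "OK   ${f##*/}: hosts: files"
    else
        echo "FAIL ${f##*/}: hosts: $(nss_sources "$f" hosts)"
    fi
done
rm -rf "$demo"
```

On a real host, pass /etc/nsswitch.conf as the file argument; authselect current shows which profile is selected.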
Additional resources