红帽全球峰会此内容没有您所选择的语言版本。
Chapter 6. Authentication
6.1. Implementing PAM Authentication
复制链接链接已复制到粘贴板!
Red Hat Satellite supports network-based authentication systems such as LDAP and Kerberos, using Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords.
Note
To ensure that PAM authentication functions properly, install the
pam-devel package.
yum install pam-devel
# yum install pam-devel
Also make sure to update to the latest
selinux-policy-targeted package.
yum update selinux-policy-targeted
# yum update selinux-policy-targetedProcedure 6.1. Configuring Red Hat Satellite to use PAM
- Set the
allow_httpd_mod_auth_pamSELinux boolean to on:setsebool -P allow_httpd_mod_auth_pam 1
# setsebool -P allow_httpd_mod_auth_pam 1Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Open the
/etc/rhn/rhn.conffile in your preferred text editor, and add the following line:pam_auth_service = rhn-satellite
pam_auth_service = rhn-satelliteCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create a PAM service file in the/etc/pam.d/directory:touch /etc/pam.d/rhn-satellite
# touch /etc/pam.d/rhn-satelliteCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit the file and add one of the following, depending on your authentication method:
Example 6.1. SSSD Authentication
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example 6.2. Kerberos Authentication
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example 6.3. LDAP Authentication
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For more detail about configuring PAM, see the Pluggable Authentication Modules (PAM) in the Red Hat Enterprise Linux Deployment Guide.Note
For Kerberos-authenticating users, change the password by usingkpasswd. Do not change the password on Red Hat Satellite web application as this method only changes the local password on the Satellite server. Local passwords are not in use if PAM is enabled for that user. - Restart the service to pick up the changes:
rhn-satellite restart
# rhn-satellite restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow - To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}