This shows you the differences between two versions of the page.
|
использование_библиотеки_pam [2022/01/12 16:07] val [Using pam_script] |
использование_библиотеки_pam [2025/09/15 09:38] (current) val |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| * [[http://www.freebsd.org/doc/ru/articles/pam/index.html|FreeBSD Handbook: Подключаемые Модули Аутентификации (PAM)]] | * [[http://www.freebsd.org/doc/ru/articles/pam/index.html|FreeBSD Handbook: Подключаемые Модули Аутентификации (PAM)]] | ||
| - | * [[http://www.ibm.com/developerworks/ru/library/l-pam/index.html|IBM: Основы и настройка PAM]] | + | * [[https://redos.red-soft.ru/base/redos-7_3/7_3-security/7_3-sys-auth/7_3-pam/|red-soft.ru Подключаемые модули аутентификации (PAM). Общие сведения]] |
| + | * [[https://losst.pro/nastrojka-pam-v-linux|Настройка PAM в Linux]] | ||
| ===== Терминология PAM ===== | ===== Терминология PAM ===== | ||
| Line 47: | Line 48: | ||
| ===== Примеры использования ===== | ===== Примеры использования ===== | ||
| + | |||
| + | ==== Использование pamtester ==== | ||
| + | |||
| + | * Пакет OpenVPN [[Пакет OpenVPN#Включение 2FA]] | ||
| + | |||
| + | <code> | ||
| + | # apt install pamtester | ||
| + | |||
| + | # pamtester openvpn student authenticate | ||
| + | pin | ||
| + | Password: | ||
| + | pamtester: successfully authenticated | ||
| + | </code> | ||
| ==== Права на команду su === | ==== Права на команду su === | ||
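Review bot: In the added pamtester block, nothing says that `openvpn` in `pamtester openvpn student authenticate` is the PAM service name, so a reader cannot tell that the test only exercises /etc/pam.d/openvpn and falls back to the `other` service if that file is missing. Add a one-line comment to that effect, and say whether the bare `pin` line before `Password:` is a prompt or typed input. Since the linked section is about 2FA, the example could also append `acct_mgmt` after `authenticate` so the account stack is checked in the same run.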
| Line 155: | Line 169: | ||
| client1:~# grep -r ssh /etc/pam.* | client1:~# grep -r ssh /etc/pam.* | ||
| + | |||
| + | client1:~# pam-auth-update | ||
| </code> | </code> | ||
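Review bot: The added `client1:~# pam-auth-update` line has no comment saying why it is run after the `grep -r ssh /etc/pam.*` check or what the reader should select in it. The command is interactive and regenerates the /etc/pam.d/common-* files, so a short comment naming the profile to enable or disable, and noting that hand edits to those files are affected, would make the step reproducible.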
| Line 226: | Line 242: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass | + | # here are the per-package modules (the "Primary" block) |
| - | auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass | + | auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 |
| + | auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass | ||
| auth requisite pam_deny.so | auth requisite pam_deny.so | ||
| auth sufficient pam_script.so | auth sufficient pam_script.so | ||
| auth required pam_permit.so | auth required pam_permit.so | ||
| + | # and here are more per-package modules (the "Additional" block) | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
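Review bot: With `success=2` now on the `pam_unix.so` line, a successful local password check jumps over both `pam_deny.so` and `pam_script.so` and lands on `pam_permit.so`, while a successful `pam_krb5.so` check still lands on `pam_script.so`. If skipping pam_script for local accounts is the intent, say so in a comment next to that line; if not, the previous `success=1` is what kept both paths going through pam_script. The two added `#` comment lines are not modules and do not count toward the jump, so the offsets are otherwise consistent.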
| Line 237: | Line 255: | ||
| #!/bin/bash | #!/bin/bash | ||
| - | id $PAM_USER &>/dev/null || useradd -m -s /bin/bash $PAM_USER | + | id "$PAM_USER" &>/dev/null || useradd -m -s /bin/bash "$PAM_USER" |
| + | |||
| + | #echo "$PAM_USER:$PAM_AUTHTOK" | /usr/sbin/chpasswd | ||
| + | #useradd -m -p "$(/usr/bin/mkpasswd -m sha-512 $PAM_AUTHTOK)" -s /bin/bash "$PAM_USER" | ||
| </code> | </code> | ||
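Review bot: In the commented-out `useradd -m -p "$(/usr/bin/mkpasswd -m sha-512 $PAM_AUTHTOK)"` line, `$PAM_AUTHTOK` is unquoted and passed as a command-line argument, so a password containing spaces or glob characters is split or expanded, and the cleartext is visible in the process list while mkpasswd runs. Feed the password on stdin instead (mkpasswd has `--stdin`), as the `chpasswd` variant on the line above already does through the shell's built-in `echo`. A comment stating that the two `#` lines are alternatives to the active `id ... || useradd` line, and when to enable which, would also help.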
| Line 256: | Line 277: | ||
| ###rm /tmp/krb5cc_0 | ###rm /tmp/krb5cc_0 | ||
| </code> | </code> | ||
| + | ==== Использование pam_exec для регистрации подключений ==== | ||
| + | <code> | ||
| + | # cat /etc/pam.d/sshd | ||
| + | </code><code> | ||
| + | ... | ||
| + | session optional pam_exec.so /bin/bash -c (echo${IFS}Subject:ssh-${PAM_USER}@$(hostname)-${PAM_RHOST};/usr/bin/env)|/usr/bin/curl${IFS}smtp://server.corpX.un${IFS}--mail-from${IFS}root@gate.corpX.un${IFS}--mail-rcpt${IFS}student@corpX.un${IFS}--upload-file${IFS}- | ||
| + | |||
| + | session optional pam_exec.so /bin/bash -c (/usr/bin/env|/usr/local/bin/send-to-telegram.sh) | ||
| + | </code> | ||
| + | |||
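Review bot: Both added `session optional pam_exec.so` lines run when the session opens and again when it closes, and neither command looks at `PAM_TYPE`, so every SSH connection produces two notifications with an identical Subject. Put `${PAM_TYPE}` in the Subject or exit early unless it is `open_session`. In the curl variant the `echo Subject:...` output is followed directly by the `/usr/bin/env` output with no empty line, so the message has no separator between header and body; the `${IFS}` chain would also be easier to maintain as a script file, the way the second line calls `/usr/local/bin/send-to-telegram.sh`.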