Difference between revisions of "Archive:Solaris Shell Service"

From Tardis
(argolin)
Line 1: Line 1:
<tt>ssh.reaper.tardis.ed.ac.uk</tt>
+
<tt>argolin.xen.tardis.ed.ac.uk</tt>
 
* OpenSSH
 
* OpenSSH
* Externally accessible
+
* (Will be) Externally accessible
* Runs in container on [[reaper]]
+
* Runs in xen instance on [[wotan]]
 +
 
 +
== Configuration ==
 +
 
 +
We need to get user information from the LDAP server and authenticate against it.  The following set up the basic configuration:
 +
<pre>
 +
ldapclient manual -a authenticationMethod=none \
 +
-a defaultSearchBase=dc=tardis,dc=ed,dc=ac,dc=uk \
 +
-a defaultServerList=193.62.81.2 \
 +
-a serviceAuthenticationMethod=pam_ldap:simple
 +
</pre>
 +
It appears that specifying the server as a host name isn't good enough; not sure why...
 +
 
 +
You then need to edit <tt>/etc/pam.conf</tt> to use the <tt>pam_ldap</tt> module.  Entries such as
 +
<pre>
 +
other  auth required            pam_unix_auth.so.1
 +
</pre>
 +
to
 +
<pre>
 +
other  auth binding            pam_unix_auth.so.1 server_policy
 +
other  auth required          pam_ldap.so.1
 +
</pre>
  
 
== Issues ==
 
== Issues ==
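Review bot: the `ldapclient manual` command sets `serviceAuthenticationMethod=pam_ldap:simple` with `authenticationMethod=none`, so pam_ldap performs a simple bind and, with nothing in the command requesting TLS, each user's password crosses the network to 193.62.81.2 unencrypted. Since this same revision marks the host "(Will be) Externally accessible", consider `pam_ldap:tls:simple` (which needs the directory server's certificate installed on the client), or state on the page why cleartext binds are acceptable on this network. Two documentation points in the added text: "Entries such as ... to ..." is missing its verb, and the pam.conf change is shown only for the `other` service, so say whether service-specific auth entries need the same edit.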
Line 9: Line 30:
 
[[category:services]]
 
[[category:services]]
 
[[category:ExternalServices]]
 
[[category:ExternalServices]]
[[category:ReaperContainers]]
 

Revision as of 19:10, 9 August 2007

argolin.xen.tardis.ed.ac.uk

  • OpenSSH
  • (Will be) Externally accessible
  • Runs in xen instance on wotan

Configuration

We need to get user information from the LDAP server and authenticate against it. The following sets up the basic configuration:

ldapclient manual -a authenticationMethod=none \
-a defaultSearchBase=dc=tardis,dc=ed,dc=ac,dc=uk \
-a defaultServerList=193.62.81.2 \
-a serviceAuthenticationMethod=pam_ldap:simple

It appears that specifying the server as a host name isn't good enough; not sure why...

You then need to edit /etc/pam.conf to use the pam_ldap module. Change entries such as

other   auth required            pam_unix_auth.so.1

to

other   auth binding            pam_unix_auth.so.1 server_policy
other   auth required           pam_ldap.so.1
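
One way to confirm the edit is in place for a given service, as an added example that is not part of the original wiki page. The function name `check_pam_ldap_stack` and the two sample files are constructed for illustration; the check also rejects a stack where pam_ldap is listed before pam_unix_auth.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify the auth stack for one
# service in a pam.conf-format file. The sample files are constructed.

# check_pam_ldap_stack FILE [SERVICE]   (SERVICE defaults to "other")
# Succeeds only when SERVICE has, in this order:
#   auth binding  pam_unix_auth.so.1 ... server_policy
#   auth required pam_ldap.so.1
check_pam_ldap_stack() {
    awk -v svc="${2:-other}" '
        /^[ \t]*#/ || NF < 4       { next }  # comments, blank or short lines
        $1 != svc || $2 != "auth"  { next }  # other services and module types
        {
            n = split($4, part, "/")         # module may carry a directory
            mod = part[n]
        }
        mod == "pam_unix_auth.so.1" {
            policy = 0
            for (i = 5; i <= NF; i++)
                if ($i == "server_policy") policy = 1
            unix_ok = ($3 == "binding" && policy)
        }
        mod == "pam_ldap.so.1" && unix_ok && $3 == "required" { ldap_ok = 1 }
        END { exit(ldap_ok ? 0 : 1) }
    ' "$1"
}

# Constructed samples: the entry before the edit and the pair after it.
tmp=$(mktemp -d)
printf '%s\n' 'other   auth required   pam_unix_auth.so.1' > "$tmp/before"
printf '%s\n' 'other   auth binding    pam_unix_auth.so.1 server_policy' \
              'other   auth required   pam_ldap.so.1' > "$tmp/after"

for f in before after; do
    if check_pam_ldap_stack "$tmp/$f"; then
        echo "$f: pam_ldap stack in place"
    else
        echo "$f: pam_ldap stack missing"
    fi
done
```

On Solaris itself, run the awk program with nawk or /usr/xpg4/bin/awk, since the legacy /usr/bin/awk does not accept -v.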

Issues

  • Not mounting homedirs off NFS yet.