My diary

04.03.2011

Linux authentication via eToken in AD

Filed under: computers, links — sae762 @ 14:57

Copy-pasted from:
http://www.opennet.ru/openforum/vsluhforumID14/1412.html
(it is an interesting topic, after all)

===============

So, here is how it went. The problem was solved by installing two libraries from Aladdin:
libetpkcs11.so.3-65.3
libetokendll.so.3-65.3

Next, in the pam_pkcs11 config:
$ cat /etc/pam_pkcs11/pam_pkcs11.conf

pam_pkcs11 {

  # Allow empty passwords
  nullok = false;

  # Enable debugging support.
  debug = false;

  # Do not prompt the user for the passwords but take them from the
  # PAM_ items instead.
  use_first_pass = false;

  # Do not prompt the user for the passwords unless PAM_(OLD)AUTHTOK
  # is unset.
  try_first_pass = false;

  # Like try_first_pass, but fail if the new PAM_AUTHTOK has not been
  # previously set (intended for stacking password modules only).
  use_authtok = false;

  # Filename of the PKCS #11 module. The default value is "default"

  use_pkcs11_module = alladin;

  pkcs11_module alladin {
    module = /usr/lib/libetpkcs11.so;
    description = "Alladin module";
    slot_num = 0;
    crl_policy = ca_online;
  }

  use_mappers = ms;

  mapper_search_path = /usr/lib/pam_pkcs11;

  # ms - Use Microsoft Universal Principal Name extension
  # UPN is in format login@ADS_Domain. No map is needed, just
  # check domain name.
  mapper ms {
        debug = false;
        module = internal;
        # module = /usr/lib/pam_pkcs11/ms_mapper.so;
        ignorecase = false;
        ignoredomain = false;
        domain = "DOMAIN.RU";
  }

}

Install the card reader drivers for pcscd-lite.
And that is basically it.
Distro: gentoo
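
The `ms` mapper settings in the config above decide which certificate UPNs are accepted for a given login. The following is an added example, not part of the original post and not pam_pkcs11 source code: a simplified model of that decision, assuming the domain is compared exactly and `ignorecase` applies only to the login part. The user names and the `OTHER.EXAMPLE` domain are constructed.

```python
# Simplified model of the "ms" mapper decision (added illustration, not
# pam_pkcs11 code). Option names mirror the config above; the exact comparison
# rules are assumptions stated in the lead-in.
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class MsMapperConfig:
    domain: str = "DOMAIN.RU"   # value used in the config above
    ignorecase: bool = False
    ignoredomain: bool = False


def upn_to_login(upn: str, cfg: MsMapperConfig) -> Optional[str]:
    """Return the login part of a UPN, or None when the UPN is rejected."""
    login, sep, upn_domain = upn.partition("@")
    if not sep or not login or not upn_domain:
        return None             # not in login@ADS_Domain form
    if not cfg.ignoredomain and upn_domain != cfg.domain:
        return None             # UPN belongs to a different domain
    return login


def cert_matches_user(upns: Iterable[str], pam_user: str,
                      cfg: MsMapperConfig) -> bool:
    """True when any UPN taken from the certificate maps to pam_user."""
    for upn in upns:
        login = upn_to_login(upn, cfg)
        if login is None:
            continue
        if cfg.ignorecase:
            login, wanted = login.lower(), pam_user.lower()
        else:
            wanted = pam_user
        if login == wanted:
            return True
    return False


STRICT = MsMapperConfig()                   # settings from the config above
LOOSE = MsMapperConfig(ignoredomain=True)   # weaker variant, for comparison

if __name__ == "__main__":
    # Constructed sample UPNs, checked against the local user "ivanov".
    for upn in ("ivanov@DOMAIN.RU", "ivanov@OTHER.EXAMPLE", "Ivanov@DOMAIN.RU"):
        print(upn, cert_matches_user([upn], "ivanov", STRICT),
              cert_matches_user([upn], "ivanov", LOOSE))
```

With `ignoredomain = true` a certificate from any domain whose UPN has the same login part maps to the local account, so the domain check then rests entirely on which CAs the module trusts.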
