
Setting up a Linux Host to Use LDAP Accounts and TwoFactor Authentication

These instructions assume you are using Ubuntu, so YMMV.

First, install some packages:

apt-get install ntp-simple libnss-ldap tcsh libpam-radius-auth

In the configuration for libnss-ldap, when asked for an LDAP URI, use:

ldap://watiknow.cscf.uwaterloo.ca

When asked for the base DN, use the following:

dc=cscf,dc=cs,dc=uwaterloo,dc=ca

Leave the Root Bind DN and password blank, as the LDAP server allows anonymous queries.

As described in the TwoFactor document, add the RADIUS servers and shared keys to the /etc/pam_radius_auth.conf file. For this configuration, put the documented PAM stack in /etc/pam.d/common-auth instead of /etc/pam.d/sudo. Don't forget to set up the sudoers file.

Make sure /etc/pam.d/common-session looks like this:

session required        pam_mkhomedir.so
session required        pam_unix.so
session optional        pam_foreground.so

In the /etc/nsswitch.conf file, add ldap to the end of the passwd line:

passwd:   compat ldap

Test account lookup via LDAP by running getent passwd. You should see all the entries for CSCF staff.

To log in, CSCF staff must use their PIN and token code. On login, a home directory is created, allowing for the set-up of ssh public key authentication, if desired. To obtain root, sudo -s is required with the PIN and code from the authentication token.
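
The following script is an added example, not part of the original page: it checks the files edited in the steps above. It assumes the PAM stack from the TwoFactor document loads pam_radius_auth.so (the module shipped by libpam-radius-auth); the function names, the directory argument and the permission check on the shared-key file are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: checks the files edited above.
# Function names and the directory argument are assumptions of this example.

# True if the passwd line of an nsswitch.conf lists ldap as a source.
nss_has_ldap() {
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# True if an active (uncommented) line of the given type loads the module.
# Usage: pam_has_module FILE TYPE MODULE
pam_has_module() {
    awk -v t="$2" -v m="$3" '
        { type = $1; sub(/^-/, "", type) }    # a leading "-" only silences logging
        type == t {
            for (i = 3; i <= NF; i++) {       # control may be a multi-word [..] list
                n = split($i, p, "/")         # accept a bare name or a full path
                if (p[n] == m) found = 1
            }
        }
        END { exit !found }' "$1" 2>/dev/null
}

# True if the file exists and has no group or other permission bits set;
# it holds the RADIUS shared keys (assumed policy: readable by owner only).
secrets_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

run_check() {   # DESCRIPTION COMMAND [ARGS...]
    desc=$1; shift
    if "$@"; then echo "ok   $desc"; else echo "FAIL $desc"; fails=$((fails + 1)); fi
}

# Run every check against a configuration directory; returns the failure count.
check_host() {
    fails=0
    run_check "nsswitch.conf: passwd line lists ldap" nss_has_ldap "$1/nsswitch.conf"
    run_check "common-session: loads pam_mkhomedir.so" \
        pam_has_module "$1/pam.d/common-session" session pam_mkhomedir.so
    run_check "common-auth: loads pam_radius_auth.so" \
        pam_has_module "$1/pam.d/common-auth" auth pam_radius_auth.so
    run_check "pam_radius_auth.conf: closed to group and other" \
        secrets_private "$1/pam_radius_auth.conf"
    return "$fails"
}

if [ $# -gt 0 ]; then check_host "$1"; fi
```

Saved under a name of your choice (check-2fa.sh here is hypothetical), run it as sh check-2fa.sh /etc; the exit status is the number of failed checks.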

-- JasonTestart - 28 Sep 2007

Topic revision: r1 - 2007-09-28 - JasonTestart
 