服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 在Kerberized Linux框中添加本地用户/密码
Intereting Posts
如何将我的主机浏览器连接到我的访客Web服务器 将外部数据存储添加到esxi,扩展数据存储 资源过度使用和memory_get_peak_usage()不匹配 cron脚本和使用top命令的TERM定义的问题 有没有办法通过CoreOS上的云configuration来configurationjournald.conf? (D)DoS攻击后stream量积压? 如何知道谁访问过电子邮件? 达夫科特 控制+标点符号不在terminal注册 MySQL语法错误意外' – ' 最具成本效益的解决scheme,以防止硬盘故障 Exchange 2013和TLS 1.1 / 1,2 Ubuntu raid 1写错误 有没有任何apache模块logging日志运行请求 跨WAN的DFS复制 服务器上的DNS更改之后路由错误?

在Kerberized Linux框中添加本地用户/密码

现在,如果我尝试添加一个非系统用户而不是在大学的Kerberos领域,无论如何我都会提示inputKerberos密码。 显然没有密码input,所以我只是按回车,看看: 

passwd: Authentication token manipulation error passwd: password unchanged

键入passwd newuser与同一个消息有相同的问题。

我试图使用pwconv ,希望只需要一个影子入口,但它没有改变。

我想能够添加一个本地用户不在领域,给他们一个本地的密码,而不用担心Kerberos。

我在Ubuntu 10.04上。 这里是我的/etc/pam.d/common-*文件(Ubuntu的pam-auth-update软件包生成的默认文件):

将/etc/pam.d/common-account 

 # here are the per-package modules (the "Primary" block) account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) account required pam_krb5.so minimum_uid=1000 # end of pam-auth-update config

将/etc/pam.d/common-auth 

 # here are the per-package modules (the "Primary" block) auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config

/etc/pam.d/common-password 

 # here are the per-package modules (the "Primary" block) password requisite pam_krb5.so minimum_uid=1000 password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config

/etc/pam.d/common-session 

 # here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session optional pam_krb5.so minimum_uid=1000 session required pam_unix.so # end of pam-auth-update config

通过pam-auth-update命令暂时调整

  1. 您可以使用pam-auth-update临时停用Kerberos。 所以看起来像这样:
    [ ] Kerberos authentication
  2. 然后你可以添加用户/更改密码。
  3. 然后在完成后使用pam-auth-update重新激活Kerberos。 所以看起来像这样:
    [*] Kerberos authentication

另请参阅: pam-auth-update联机帮助页