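#!/bin/bash
#
# Points this host at a Kerberos domain controller for login:
#   1. asks for the domain name and the server's IP address,
#   2. appends a host entry for the realm to /etc/hosts,
#   3. sets default_realm and adds a [realms] entry in /etc/krb5.conf,
#   4. overwrites the five /etc/pam.d/common-* files with stacks that use
#      pam_krb5, pam_unix and pam_script.
#
# Must be run as root. The script is not idempotent: every run appends another
# /etc/hosts line and inserts another realm block after each [realms] header.
#
# NOTE(review): the common-* files are replaced wholesale, so any module lines
# already present in them are dropped. Keep a root shell open and copy the
# originals aside before running; a broken stack can lock every account out.
# NOTE(review): nothing here provisions a host keytab. Without one pam_krb5
# presumably cannot verify that the answering KDC is genuine -- confirm, and
# consider a keytab plus `verify_ap_req_nofail = true` in krb5.conf.

set -euo pipefail

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# A bare `exit` after echo would return echo's status (0), so a run without
# root privileges used to look successful to the caller.
if (( EUID != 0 )); then
  die "Пожалуйста запустите с правами root"
fi

# Fail before anything under /etc is modified if the Kerberos client
# configuration that the sed edits below expect is absent.
[[ -f /etc/krb5.conf ]] || die "Файл /etc/krb5.conf не найден"

echo "Для авторизации через контроллер домена введите"

read -r -p "имя домена: " address
read -r -p "ip-адрес сервера: " ip

# Both values are spliced into sed replacement text and into /etc/hosts.
# Restrict them to hostname / IP-literal characters so that '/', '&', '\'
# or whitespace cannot alter the sed expression or forge extra host entries.
# The IP check is a character whitelist (IPv4 or IPv6), not full validation.
readonly hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
readonly ip_re='^[0-9A-Fa-f:.]+$'
[[ "$address" =~ $hostname_re ]] || die "Недопустимое имя домена: $address"
[[ "$ip" =~ $ip_re ]] || die "Недопустимый ip-адрес: $ip"

# The realm name is the upper-cased domain name.
domain=$(printf '%s' "$address" | tr '[:lower:]' '[:upper:]')

# Same bytes as the former `echo -e "\n$ip\t$domain\n"`: a blank line, the
# entry, and a trailing blank line.
printf '\n%s\t%s\n\n' "$ip" "$domain" >> /etc/hosts

# Rewrite default_realm and add a realm block directly after [realms].
# The \n escapes in the replacement rely on GNU sed.
sed -i -E "s/default_realm.*/default_realm = $domain/g" /etc/krb5.conf
sed -i -E "s/\[realms\]/\[realms\]\n $domain = {\n kdc = $address\n admin_server = $address\n }\n/g" /etc/krb5.conf

# The here-documents below keep the leading and trailing blank lines so the
# written files are byte-identical to what the former echo "..." produced.

# Account stack.
# NOTE(review): pam_script is `sufficient` and comes first, so a success from
# its account hook ends the stack before pam_unix and pam_krb5 are consulted.
# Confirm that the pam_script account hook is meant to carry that authority.
cat > /etc/pam.d/common-account <<'EOF'

account sufficient pam_script.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account required pam_krb5.so minimum_uid=1000

EOF

# Auth stack: Kerberos success jumps over pam_unix and pam_deny to pam_script;
# pam_unix success jumps over pam_deny and pam_script to pam_permit; if both
# fail, pam_deny rejects the attempt.
# NOTE(review): `nullok` lets local accounts with an empty password pass
# pam_unix; drop it if such accounts must not be able to log in.
cat > /etc/pam.d/common-auth <<'EOF'

auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok try_first_pass
auth requisite pam_deny.so
auth sufficient pam_script.so
auth required pam_permit.so

EOF

# Password-change stack: Kerberos success jumps straight to pam_permit;
# otherwise pam_script (sufficient) and then pam_unix are tried before
# pam_deny.
cat > /etc/pam.d/common-password <<'EOF'

password [success=3 default=ignore] pam_krb5.so minimum_uid=1000
password sufficient pam_script.so
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so

EOF

# Interactive session stack: the first pam_permit always skips pam_deny.
cat > /etc/pam.d/common-session <<'EOF'

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=1000
session optional pam_script.so
session required pam_unix.so
session optional pam_systemd.so

EOF

# Non-interactive session stack: same as above without pam_systemd.
cat > /etc/pam.d/common-session-noninteractive <<'EOF'

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=1000
session optional pam_script.so
session required pam_unix.so

EOF

echo "Поддержка домена $domain добавлена"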