#!/bin/bash set -e if [ "$EUID" -ne 0 ] then echo "Пожалуйста запустите с правами root" exit fi echo "Для авторизации через контроллер домена введите" read -p "имя домена: " address read -p "ip-адрес сервера: " ip domain=`echo $address | tr '[:lower:]' '[:upper:]'` echo -e "\n$ip\t$domain\n" >> /etc/hosts sed -i -E "s/default_realm.*/default_realm = $domain/g" /etc/krb5.conf sed -i -E "s/\[realms\]/\[realms\]\n $domain = {\n kdc = $address\n admin_server = $address\n }\n/g" /etc/krb5.conf echo " account sufficient pam_script.so account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so account requisite pam_deny.so account required pam_permit.so account required pam_krb5.so minimum_uid=1000 " > /etc/pam.d/common-account echo " auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok try_first_pass auth requisite pam_deny.so auth sufficient pam_script.so auth required pam_permit.so " > /etc/pam.d/common-auth echo " password [success=3 default=ignore] pam_krb5.so minimum_uid=1000 password sufficient pam_script.so password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt password requisite pam_deny.so password required pam_permit.so password optional pam_gnome_keyring.so " > /etc/pam.d/common-password echo " session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_krb5.so minimum_uid=1000 session optional pam_script.so session required pam_unix.so session optional pam_systemd.so " > /etc/pam.d/common-session echo " session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_krb5.so minimum_uid=1000 session optional pam_script.so session required pam_unix.so " > /etc/pam.d/common-session-noninteractive echo "Поддержка домена $domain добавлена"