Instalacija KERBEROS protokola
From MediaWiki
Revision as of 12:37, 16 March 2012 by Adimitrievska (Talk | contribs)
Instalacija i podešavanje KERBEROS protokola (služi za proveru identiteta korisnika). KERBEROS je prijavljivanje tipa prijavi-se-samo-jednom (Single Sign On), koje korisnicima omogućava da se samo jednom prijave na sistem i da nakon toga, u skladu sa svojim ovlašćenjima, imaju pristup svim resursima u sistemu (ili mreži).
- Otvoriti Terminal i ukucati
sudo apt-get install krb5-user
Uneti šifru.
- Nakon završene instalacije, treba izmeniti fajl ssh_config:
sudo gedit /etc/ssh/ssh_config
U fajl iskopirati sledeće (umesto ******** treba napisati username), sačuvati i zatvoriti ga:
# This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. Host lxplus*.cern.ch # ForwardAgent no ForwardX11 yes ForwardX11Trusted no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no GSSAPITrustDNS yes # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials yes Host svn.cern.ch User ******** GSSAPIAuthentication yes GSSAPIDelegateCredentials yes # Protocol 2 ForwardX11 yes # IdentityFile ~/.ssh/id_rsa ForwardX11Trusted no GSSAPITrustDNS yes
- Program se pokreće u Terminal-u komandom:
kinit username@CERN.CH
Uneti šifru.
Povratak na: