

Configuring the pam_CA_eta.conf File

To configure the pam_CA_eta.conf file, follow these steps:

  1. Go to the /etc/pam_CA_eta folder.
  2. Edit the pam_CA_eta.conf file. This configuration file contains its own documentation.
    #
    #	CA - CA Identity Manager
    #
    #	pam_CA_eta.conf
    #
    #	Configuration file for the Unix PAM password module "pam_CA_eta"
    #
    
    # keyword: server
    # description: the CA Identity Manager LDAP server primary and optional alternate server hostname
    # value: a valid hostname and an optional server
    # default: no default
    server ETA_SERVER ALT_SERVER
    
    #
    
    # keyword: port
    # description: the numeric TCP/IP port number of the CA Identity Manager LDAP server
    # value: a valid TCP/IP port number
    # default: 20390
    # port 20390
    
    
    # keyword: use-tls
    # description: does it use the secured LDAP over TLS protocol ?
    # value: yes or no
    # default: yes
    # use-tls yes
    
    # keyword: time-limit
    # description: the maximum time in seconds to wait for the end of an LDAP operation.
    # value: a numeric value of seconds
    # default: 300
    # time-limit 300
    
    # keyword: remote-server
    # description: identifies whether on premise or cloud Identity Manager 
    #              server is used.
    #              Cloud based server is accessed by proxying the requests 
    #              through the on-premise CS, requiring use of remote-server 
    #              set to 'yes'.
    # value: yes or no
    # default: no
    # remote-server no
    
    # keyword: size-limit
    # description: the maximum number of entries returned by the CA Identity Manager server
    # value: a numeric value
    # default: 100
    # size-limit 100
    
    
    # keyword: root
    # description: the root DN of the CA Identity Manager server
    # value: a valid DN string
    # default: dc=eta
    # root dc=eta
    
    
    # keyword: domain
    # description: the name of the CA Identity Manager domain
    # value: a string
    # default: im
    # domain	im
    
    
    # keyword: user
    # description: the CA Identity Manager Global User name used to bind to the CA Identity Manager server
    # value: a valid Global User name string
    # default: etaadmin
    # user etaadmin
    
    
    # keyword: password
    # description: the clear-text password of the "binding" CA Identity Manager Global User
    # value: the password of the above Global User
    # default: no default
    password SECRET
    
    
    # keyword: directory-type
    # description: the CA Identity Manager Unix Endpoint type of this Unix server
    # value: ETC or NIS
    # default: ETC
    # endpoint-type ETC
    
    
    # keyword: endpoint-name
    # description: the CA Identity Manager Unix Endpoint name of this Unix server
    # value: a valid Unix Endpoint name string
    # default:
    # ETC: the result of the "hostname" command (ie: gethostname() system call)
    # NIS: "domain [hostname]" where "domain" is the result of the "domainname" command
    #  (ie: getdomainname() system call) and "hostname" the result of the "hostname"
    #    command (ie: gethostname() system call)
    # endpoint-name dirname
    
    
    # keyword: tls-cacert-file
    # description: the name of the CA Identity Manager CA certificate file
    # value: a valid full path file name
    # default: /etc/pam_CA_eta/et2_cacert.pem
    # tls-cacert-file /etc/pam_CA_eta/et2_cacert.pem
    
    
    # keyword: tls-cert-file
    # description: the name of the CA Identity Manager client certificate file
    # value: a valid full path file name
    # default: /etc/pam_CA_eta/eta2_clientcert.pem
    # tls-cert-file /etc/pam_CA_eta/eta2_clientcert.pem
    
    
    # keyword: tls-key-file
    # description: the name of the CA Identity Manager client private key file
    # value: a valid full path file name
    # default: /etc/pam_CA_eta/eta2_clientkey.pem
    # tls-key-file /etc/pam_CA_eta/eta2_clientkey.pem
    
    
    # keyword: tls-random-file
    # description: the name of the "pseudo random number generator" seed file
    # value: a valid full path file name
    # default: /etc/pam_CA_eta/prng_seed
    # tls-random-file /etc/pam_CA_eta/prng_seed
    
    
    # keyword: use-status
    # description: this module will exit with a non-zero status code in case of failure.
    # value: yes or no
    # default: no
    # use-status no
    
    
    # keyword: verbose
    # description: this module will display informational or error messages to the user.
    # value: yes or no
    # default: yes
    # verbose yes
    

Note: The server, domain, and password parameters have no default value and must not be updated.
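
Because pam_CA_eta.conf stores the bind password in clear text and points to a TLS client private key, the example below parses the file and checks the `use-tls` setting and the permissions on both files. It is an added example, not part of the original documentation or of the product; the function names (`parse_conf`, `too_open`, `audit`) and the sample host name are assumptions made for illustration.

```python
import os
import stat

# Defaults taken from the comments in pam_CA_eta.conf (only those the checks need).
DEFAULTS = {
    "use-tls": "yes",
    "tls-key-file": "/etc/pam_CA_eta/eta2_clientkey.pem",
}
CONF_PATH = "/etc/pam_CA_eta/pam_CA_eta.conf"

def parse_conf(text):
    """Return {keyword: value}; blank lines and '#' comment lines are ignored."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest (space or tab separated)
        conf[parts[0]] = parts[1] if len(parts) > 1 else ""
    return conf

def too_open(path, get_mode):
    """True if group or other has any access to path; None if it cannot be read."""
    try:
        return bool(get_mode(path) & (stat.S_IRWXG | stat.S_IRWXO))
    except OSError:
        return None

def audit(conf, conf_path=CONF_PATH, get_mode=lambda p: os.stat(p).st_mode):
    """Return a list of findings; get_mode is injectable so the checks run offline."""
    findings = []
    tls_on = conf["use-tls"].lower() == "yes"
    if not tls_on:
        findings.append("use-tls is not 'yes': LDAP traffic is not protected by TLS")
    secrets = [(conf_path, "clear-text bind password")] if "password" in conf else []
    if tls_on:
        secrets.append((conf["tls-key-file"], "TLS client private key"))
    for path, what in secrets:
        state = too_open(path, get_mode)
        if state is None:
            findings.append(f"{path}: cannot stat ({what})")
        elif state:
            findings.append(f"{path}: group/other can access the {what}")
    return findings

# Constructed sample (hypothetical host): TLS switched off, key path left at default.
SAMPLE = "server idm01.example.test\n# use-tls yes\nuse-tls no\npassword SECRET\ndomain\tim\n"
```

On a real host, call `audit(parse_conf(open(CONF_PATH).read()))` as root; an empty list means none of these checks fired.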