Pour configurer le fichier pam_CA_eta.conf, procédez comme suit.
Pour configurer le fichier pam_CA_eta.conf :
# # CA - CA Identity Manager # # pam_CA_eta.conf # # Configuration file for the Unix PAM password module "pam_CA_eta" #
# keyword: server # description: the CA Identity Manager LDAP server primary and optional alternate server hostname # value: a valid hostname and an optional server # default: no default server ETA_SERVER ALT_SERVER
#
# keyword: port # description: the numeric TCP/IP port number of the CA Identity Manager LDAP server # value: a valid TCP/IP port number # default: 20390 # port 20390
# keyword: use-tls # description: does it use the secured LDAP over TLS protocol ? # value: yes or no # default: yes # use-tls yes
# keyword: time-limit # description: the maximum time in seconds to wait for the end of an LDAP operation. # value: a numeric value of seconds # default: 300 # time-limit 300 # keyword: remote-server # description: identifies whether on premise or cloud Identity Manager # server is used. # Cloud based server is accessed by proxying the requests # through the on-premise CS, requiring use of remote-server # set to 'yes'. # value: yes or no # default: no # remote-server no
# keyword: size-limit # description: the maximum number of entries returned by the CA Identity Manager server # value: a numeric value # default: 100 # size-limit 100
# keyword: root # description: the root DN of the CA Identity Manager server # value: a valid DN string # default: dc=eta # root dc=eta
# keyword: domain # description: the name of the CA Identity Manager domain # value: a string # default: im # domain im
# keyword: user # description: the CA Identity Manager Global User name used to bind to the CA Identity Manager server # value: a valid Global User name string # default: etaadmin # user etaadmin
# keyword: password # description: the clear-text password of the "binding" CA Identity Manager Global User # value: the password of the above Global User # default: no default password SECRET
# keyword: directory-type # description: the CA Identity Manager Unix Endpoint type of this Unix server # value: ETC or NIS # default: ETC # endpoint-type ETC
# keyword: endpoint-name # description: the CA Identity Manager Unix Endpoint name of this Unix server # value: a valid Unix Endpoint name string # default: # ETC: the result of the "hostname" command (ie: gethostname() system call) # NIS: "domain [hostname]" where "domain" is the result of the "domainname" command # (ie: getdomainname() system call) and "hostname" the result of the "hostname" # command (ie: gethostname() system call) # endpoint-name dirname
# keyword: tls-cacert-file # description: the name of the CA Identity Manager CA certificate file # value: a valid full path file name # default: /etc/pam_CA_eta/et2_cacert.pem # tls-cacert-file /etc/pam_CA_eta/et2_cacert.pem
# keyword: tls-cert-file # description: the name of the CA Identity Manager client certificate file # value: a valid full path file name # default: /etc/pam_CA_eta/eta2_clientcert.pem # tls-cert-file /etc/pam_CA_eta/eta2_clientcert.pem
# keyword: tls-key-file # description: the name of the CA Identity Manager client private key file # value: a valid full path file name # default: /etc/pam_CA_eta/eta2_clientkey.pem # tls-key-file /etc/pam_CA_eta/eta2_clientkey.pem
# keyword: tls-random-file # description: the name of the "pseudo random number generator" seed file # value: a valid full path file name # default: /etc/pam_CA_eta/prng_seed # tls-random-file /etc/pam_CA_eta/prng_seed
# keyword: use-status # description: this module will exit with a non-zero status code in case of failure. # value: yes or no # default: no # use-status no
# keyword: verbose # description: this module will display informational or error messages to the user. # value: yes or no # default: yes # verbose yes
Remarque : Les paramètres de serveur, de domaine et de mot de passe n'ont pas de valeur par défaut et ne doivent pas être mis à jour.
|
Copyright © 2014 CA.
Tous droits réservés.
|
|