(8) The PAM authentication module returns the authentication information to the application through the PAM library.

(9) When authentication is complete, the application makes one of two choices: on success, it grants the user the required permissions and notifies the user; on failure, it notifies the user.

The PAM workflow is shown in Figure 1.

Figure 1: PAM workflow

Specific use of PAM:

    # cd /usr/src/redhat/SOURCES/srp-2.1.1/base/pam_eps
    # install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security

The commands above install the PAM modules in the /lib/security directory. Then use the command "/usr/local/bin/tconf" to create the /etc/tpasswd and /etc/tpasswd.conf files.

2. Use the EPS PAM module for password authentication

(1) First back up the /etc/pam.d/system-auth file.

(2) Modify the /etc/pam.d/system-auth file as follows:

    auth     required   /lib/security/pam_unix.so likeauth nullok md5 shadow
    auth     sufficient /lib/security/pam_eps_auth.so
    auth     required   /lib/security/pam_deny.so
    account  sufficient /lib/security/pam_unix.so
    account  required   /lib/security/pam_deny.so
    password required   /lib/security/pam_cracklib.so retry=3
    password required   /lib/security/pam_eps_passwd.so
    password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password required   /lib/security/pam_deny.so
    session  required   /lib/security/pam_limits.so
    session  required   /lib/security/pam_unix.so

Note: the pam_eps_auth.so line above indicates that the pam_eps_auth module can satisfy the authentication requirements. The pam_eps_passwd.so line indicates that the PAM module pam_eps_passwd.so is used for password management.

(3) Convert the standard passwords to EPS format.

(4) The pam_eps_passwd.so module in the /etc/pam.d/system-auth configuration writes the EPS version of the password verification string to the /etc/tpasswd file.
Modify the /etc/pam.d/passwd file as follows:

    auth     required /lib/security/pam_stack.so service=system-auth
    account  required /lib/security/pam_stack.so service=system-auth
    password required /lib/security/pam_stack.so service=system-auth

4. Start the SRP version of the Telnet server

(1) Enter the telnet subdirectory of the SRP source and build the Telnet server and Telnet client files:

    # cd /usr/src/redhat/SOURCES/srp-2.2.1/telnet
    # make; make install

(2) Create the super-server (xinetd) configuration file /etc/xinetd.d/srp-telnetd, which reads as follows:

    # description: The SRP Telnet server serves Telnet connections.
    # It uses SRP for authentication.
    service telnet
    {
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/local/sbin/telnetd
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no
    }

(3) Restart xinetd with the command:

    # killall -USR1 xinetd

(4) Create the /etc/pam.d/telnet file as follows:

    auth    required /lib/security/pam_listfile.so item=user sense=deny file=/etc/telnetusers onerr=succeed
    auth    required /lib/security/pam_stack.so service=srp-telnet
    auth    required /lib/security/pam_shells.so
    account required /lib/security/pam_stack.so service=srp-telnet
    session required /lib/security/pam_stack.so service=srp-telnet

This completes the setup of a Telnet server that uses the SRP service. First test it locally. The following is a typical session:

    $ /usr/local/bin/telnet localhost 23
    Trying 127.0.0.1...
    Connected to localhost.intevo.com (127.0.0.1).
    Escape character is '^]'.
    [ Trying SRP ... ]
    SRP Username (root): cao
    [ Using 1024-bit modulus for 'cao' ]
    SRP Password:
    [ SRP authentication successful ]
    [ Input is now decrypted with type CAST128_CFB64 ]
    [ Output is now encrypted with type CAST128_CFB64 ]
    Last login: Tue Dec 21 09:30:08 from cao.net

If you want another Linux computer to telnet to this server, you need to install SRP service support and the SRP client software on it. The method is the same as on the server side.

5. Using SRP on non-Linux platforms

SRP client support is also available for other popular operating systems (Unix, BSD, Windows, MacOS), as long as a browser with the Java plug-in is installed. For details, see the related website: http://srp.stanford.edu/demo/.

Summary: the above provides a way to Telnet to a remote Linux server that is, relative to OpenSSH, more secure and quick. Like other network applications, the SRP-based Telnet application follows the client/server model: once connected, the client can access all the services the server provides. The SRP package is security software for Telnet.
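To see how the "required" and "sufficient" control flags in the auth section of /etc/pam.d/system-auth interact, the following added example (not code from the SRP project or from this article) evaluates that stack under a simplified model of Linux-PAM. The per-module outcomes are hypothetical inputs, and only the "required" and "sufficient" flags are modelled.

```python
# Added example: simplified model of Linux-PAM control flags (not project code).
# AUTH_STACK is the auth section of /etc/pam.d/system-auth as given on this page.
AUTH_STACK = """\
auth required   /lib/security/pam_unix.so likeauth nullok md5 shadow
auth sufficient /lib/security/pam_eps_auth.so
auth required   /lib/security/pam_deny.so
"""

def parse_stack(text, mod_type="auth"):
    """Return [(control, module_file, args)] for one module type."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        kind, control, path, *args = fields
        if kind == mod_type:
            entries.append((control, path.rsplit("/", 1)[-1], args))
    return entries

def evaluate(entries, outcomes):
    """outcomes: module file -> True/False (hypothetical per-module results).
    pam_deny.so always fails. Returns (allowed, modules_run)."""
    required_ok = required_failed = False
    ran = []
    for control, module, _args in entries:
        ok = module != "pam_deny.so" and outcomes.get(module, False)
        ran.append(module)
        if control == "required":
            required_ok |= ok
            required_failed |= not ok   # remembered; the stack keeps running
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran        # success ends the stack early
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return required_ok and not required_failed, ran

if __name__ == "__main__":
    stack = parse_stack(AUTH_STACK)
    for unix_ok in (True, False):
        for eps_ok in (True, False):
            allowed, ran = evaluate(
                stack, {"pam_unix.so": unix_ok, "pam_eps_auth.so": eps_ok})
            print(f"pam_unix={unix_ok!s:5} pam_eps_auth={eps_ok!s:5} "
                  f"-> allowed={allowed}, ran={ran}")
```

Under this model the stack grants access only when both pam_unix.so and pam_eps_auth.so succeed; in every other case evaluation reaches pam_deny.so and the result is a denial.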