(1) 首先备份 /etc/pam.d/system-auth文件
(2) 修改 /etc/pam.d/system-auth文件如下形式:
|
auth required /lib/security/pam_unix.so likeauth nullok md5 shadow auth sufficient /lib/security/pam_eps_auth.so auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_unix.so account required /lib/security/pam_deny.so password required /lib/security/pam_cracklib.so retry=3 password required /lib/security/pam_eps_passwd.so password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so |
注意上面第一行黑体字表示PAM的eps_auth模块可以满足认证需求。第二行黑体字表示PAM 的pam_eps_passwd.so 模块用来进行密码管理。
(3) 将标准密码转换为EPS格式
(4) /etc/pam.d/system-auth 配置文件的模块pam_eps_passwd.so 将EPS版本的密码验证字符串写入/etc/tpasswd 文件中。 修改 /etc/pam.dpasswd文件如下形式:
|
auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth |
四、启动SRP版本下的FTP服务器
(1)进入SRP源代码FTP子目录,分别建立FTP服务器文件和FTP客户端文件:
|
#cd /usr/src/redhat/SOURCES/srp-2.2.1/ftp #make;make install |
(2)建立超级访问程序/etc/xinetd.d/srp-ftpd 内容如下:
|
service ftp { socket_type = stream wait = no user = root server = /usr/local/sbin/ftpd log_on_success += DURATION USERID log_on_failure += USERID nice = 10 disable = no } |
(3)使用命令从新启动xinetd
|
#killall -USR1 xinetd |
(4)建立/etc/pam.d/telnet 文件,内容如下:
|
#%PAM-1.0 auth required /lib/security/pam_listfile.so item=user \ sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_stack.so service=srp-ftp auth required /lib/security/pam_shells.so account required /lib/security/pam_stack.so service=srp-ftp session required /lib/security/pam_stack.so service=srp-ftp |
