2. 使用EPS PAM模塊進行密碼驗證
(1) 首先備份 /etc/pam.d/system-auth文件
(2) 修改 /etc/pam.d/system-auth文件如下形式:
auth required /lib/security/pam_unix.so likeauth nullok md5 shadow
auth sufficient /lib/security/pam_eps_auth.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_eps_passwd.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
|
注意上面第一行黑體字表示PAM的eps_auth模塊可以滿足認證需求。第二行黑體字表示PAM 的pam_eps_passwd.so 模塊用來進行密碼管理。
(3) 將標準密碼轉換為EPS格式
(4) /etc/pam.d/system-auth 配置文件的模塊pam_eps_passwd.so 將EPS版本的密碼驗證字符串寫入/etc/tpasswd 文件中。 修改 /etc/pam.dpasswd文件如下形式:
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
|
四、啟動SRP版本下的FTP服務器(1)進入SRP源代碼FTP子目錄,分別建立FTP服務器文件和FTP客戶端文件:
#cd /usr/src/redhat/SOURCES/srp-2.2.1/ftp
#make;make install
|
2)建立超級訪問程序/etc/xinetd.d/srp-ftpd 內容如下:
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/ftpd
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
disable = no
}
|
3)使用命令從新啟動xinetd
4)建立/etc/pam.d/telnet 文件,內容如下:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user
sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=srp-ftp
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=srp-ftp
session required /lib/security/pam_stack.so service=srp-ftp
|
