Re: Setting up LDAP/SSL during kickstart

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SSL = SSLv1 or SSLv2
TLS = SSLv3

On 9/6/07, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> Thanks for reviewing.
>
> I'm on RHEL4 and was having all sorts of weird issues with using
> auth/authconfig.
>
> Does TLS == SSL for LDAP?
>
> Cheers,
> Harry
>
>
> mups.cp wrote:
> > The kickstart auth option allow set must tyhe options you are settings
> > into %post.
> > http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
> > has all you need. Look for auth/authconfig
> >
> >
> >> %post
> >> # Setup LDAP
> >> #
> >> # equiv to running setup tool
> >> authconfig --kickstart --enableshadow --enablemd5 --enableldap
> >> --enableldapauth --ldapserver ldap.yourdomain.com --ldapbasedn
> >> dc=yourdomain,dc=com
> >
> > Use this out %post. Look the link above.
> >
> >
> >> #
> >> # Turn SSL on in the config files
> >> perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
> >> echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
> >> echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
> >
> > Again, no necessary if using the above --enableldaptls.
> >
> >> #
> >> # Create a directory to hold our Cert Auth certificate
> >> mkdir -p /etc/openldap/cacerts
> >> # Download the CA certificate
> >> wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
> >> #
> > OK
> >
> >> # Have PAM autocreate home directories upon login
> >> echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> >> umask=0077" >> /etc/pam.d/system-auth
> >
> > This is useful only if users connect through ssh.
> > Through samba use root preexec to create home dir automaticly.
> > For Linux clients use autofs.
> >
> >> #
> >> # Ensure that local authorization is enough to get on the system
> >> # (i.e. root can login)
> >> perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/'
> >> /etc/sysconfig/authconfig
> >
> > My system works without change this.
> >
> > _______________________________________________
> > Kickstart-list mailing list
> > Kickstart-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/kickstart-list
>
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/kickstart-list
>

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list

[Index of Archives]     [Red Hat General]     [CentOS Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux