2. 使用EPS PAM模块进行密码验证
(1) 首先备份 /etc/pam.d/system-auth文件
(2) 修改 /etc/pam.d/system-auth文件如下形式:
auth required /lib/security/pam_unix.so likeauth nullok md5 shadow
auth sufficient /lib/security/pam_eps_auth.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_eps_passwd.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
|
注意上面第一行黑体字表示PAM的eps_auth模块可以满足认证需求。第二行黑体字表示PAM 的pam_eps_passwd.so 模块用来进行密码管理。
(3) 将标准密码转换为EPS格式
(4) /etc/pam.d/system-auth 配置文件的模块pam_eps_passwd.so 将EPS版本的密码验证字符串写入/etc/tpasswd 文件中。 修改 /etc/pam.dpasswd文件如下形式:
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
|
四、启动SRP版本下的FTP服务器(1)进入SRP源代码FTP子目录,分别建立FTP服务器文件和FTP客户端文件:
#cd /usr/src/redhat/SOURCES/srp-2.2.1/ftp
#make;make install
|
2)建立超级访问程序/etc/xinetd.d/srp-ftpd 内容如下:
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/ftpd
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
disable = no
}
|
3)使用命令从新启动xinetd
4)建立/etc/pam.d/telnet 文件,内容如下:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user
sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=srp-ftp
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=srp-ftp
session required /lib/security/pam_stack.so service=srp-ftp
|
京公网安备 11010802021500号