{"id":4056,"date":"2018-08-11T10:48:01","date_gmt":"2018-08-11T02:48:01","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=4056"},"modified":"2020-09-22T23:01:26","modified_gmt":"2020-09-22T15:01:26","slug":"linux%e4%b8%8b%e8%b4%a6%e6%88%b7%e8%ae%a4%e8%af%81%e6%8e%88%e6%9d%83%e7%9a%84%e4%b8%80%e4%ba%9b%e7%9f%a5%e8%af%86%e7%82%b9","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/4056.html","title":{"rendered":"Linux\u4e0b\u8d26\u6237\u8ba4\u8bc1\u6388\u6743\u7684\u4e00\u4e9b\u77e5\u8bc6\u70b9"},"content":{"rendered":"<p>=Start=<\/p>\n<h4 id=\"id-\u6a21\u677f-\u7f18\u7531\uff1a\">\u7f18\u7531\uff1a<\/h4>\n<p>\u60f3\u597d\u597d\u4e86\u89e3\u4e00\u4e0bLinux\u76f8\u5173\u7684\u8d26\u6237\u8ba4\u8bc1\u6388\u6743\u76f8\u5173\u7684\u77e5\u8bc6\u70b9\uff0c\u5728\u6b64\u505a\u4e2a\u603b\u7ed3\u3002<\/p>\n<h4 id=\"id-\u6a21\u677f-\u6b63\u6587\uff1a\">\u6b63\u6587\uff1a<\/h4>\n<h5 id=\"id-\u6a21\u677f-\u53c2\u8003\u89e3\u7b54\uff1a\">\u53c2\u8003\u89e3\u7b54\uff1a<\/h5>\n<h4><strong># \u5e10\u6237\uff08Account\uff09<\/strong><\/h4>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Name_Service_Switch\" target=\"_blank\" rel=\"noopener noreferrer\">NSS<\/a>(Name Service Switch)\u540d\u79f0\u670d\u52a1\u5f00\u5173<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol\" target=\"_blank\" rel=\"noopener noreferrer\">LDAP<\/a>(Lightweight Directory Access Protocol)\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/X.500\" target=\"_blank\" rel=\"noopener noreferrer\">X.500<\/a>(X.500\u662f\u4e00\u7cfb\u5217\u6db5\u76d6\u7535\u5b50\u76ee\u5f55\u670d\u52a1\u7684\u8ba1\u7b97\u673a\u7f51\u7edc\u6807\u51c6)<\/p>\n<h4><strong># \u8ba4\u8bc1\uff08Authenticate\uff09<\/strong><\/h4>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Pluggable_authentication_module\" target=\"_blank\" rel=\"noopener noreferrer\">PAM<\/a>(Pluggable authentication 
module)\u53ef\u63d2\u62d4\u8ba4\u8bc1\u6a21\u5757<\/p>\n<h4><strong># \u6388\u6743\uff08Authorize\uff09<\/strong><\/h4>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Kerberos_(protocol)\">Kerberos<\/a>(\u57fa\u4e8e\u7968\u636e\u7684\u8ba1\u7b97\u673a\u7f51\u7edc\u8ba4\u8bc1\u534f\u8bae\uff1b\u5b83\u672c\u8eab\u89e3\u51b3\u7684\u662f\u8ba4\u8bc1\uff0c\u6388\u6743\u901a\u5e38\u7531\u670d\u52a1\u57fa\u4e8e\u5df2\u8ba4\u8bc1\u7684\u8eab\u4efd\u53e6\u884c\u5224\u5b9a)<\/p>\n<h4><strong># \u7f13\u5b58\u2014\u2014\u51fa\u4e8e\u6027\u80fd\u3001\u7a33\u5b9a\u6027\u7684\u8003\u8651<\/strong><\/h4>\n<p><a href=\"https:\/\/linux.die.net\/man\/8\/nscd\">nscd<\/a>(name service cache daemon)\u540d\u79f0\u670d\u52a1\u7f13\u5b58\u5b88\u62a4\u8fdb\u7a0b<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/System_Security_Services_Daemon\" target=\"_blank\" rel=\"noopener noreferrer\">SSSD<\/a>(System Security Services Daemon)\u7cfb\u7edf\u5b89\u5168\u670d\u52a1\u5b88\u62a4\u8fdb\u7a0b<\/p>\n<h4><strong># \u4e00\u7ad9\u5f0f\u670d\u52a1<\/strong><\/h4>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/FreeIPA\" target=\"_blank\" rel=\"noopener noreferrer\">FreeIPA<\/a>(Identity, Policy, and Audit (IPA))\u5f00\u6e90\u7684\u8eab\u4efd\u3001\u7b56\u7565\u3001\u5ba1\u8ba1\uff08FreeIPA\u662f\u7edf\u4e00\u7684\u5b89\u5168\u4fe1\u606f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u901a\u8fc7\u6574\u5408389 Directory Server\u3001SSSD\u3001MIT Kerberos\u3001NTP\u3001DNS\u3001Dogtag(Certificate System) \u63d0\u4f9b\u4e86\u96c6\u4e2d\u5f0f\u7684\u8d26\u53f7\u3001\u8ba4\u8bc1\u3001\u6388\u6743\u7ba1\u7406\u3002\uff09<\/p>\n<hr>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/image.slidesharecdn.com\/06rhdsidm-121218024635-phpapp01\/95\/red-hat-directory-server-rhel-idm-10-638.jpg\" width=\"638\" height=\"479\"><\/p>\n<p>&amp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"http:\/\/bytepadding.com\/wp-content\/uploads\/2018\/02\/SSD_1.png\" width=\"1980\" height=\"1420\"><\/p>\n<h5 id=\"id-\u6a21\u677f-\u53c2\u8003\u94fe\u63a5\uff1a\">\u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n<ul>\n<li><a 
href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Identity_Management_Guide\/index.html\">https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Identity_Management_Guide\/index.html<\/a><\/li>\n<li><a href=\"https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/7\/html-single\/system-level_authentication_guide\/index\">https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/7\/html-single\/system-level_authentication_guide\/index<\/a><\/li>\n<li><a href=\"https:\/\/unix.stackexchange.com\/questions\/166134\/basic-explanation-on-nss-ldap-and-pam\">https:\/\/unix.stackexchange.com\/questions\/166134\/basic-explanation-on-nss-ldap-and-pam<\/a><\/li>\n<li><a href=\"https:\/\/unix.stackexchange.com\/questions\/334287\/pam-vs-ldap-vs-sssd-vs-kerberos\">https:\/\/unix.stackexchange.com\/questions\/334287\/pam-vs-ldap-vs-sssd-vs-kerberos<\/a><\/li>\n<li><a href=\"http:\/\/gombita.info\/go\/sssd-security.html\">http:\/\/gombita.info\/go\/sssd-security.html<\/a><\/li>\n<li><a href=\"http:\/\/www.dogtagpki.org\/wiki\/PKI_Main_Page\">http:\/\/www.dogtagpki.org\/wiki\/PKI_Main_Page<\/a><\/li>\n<li><a href=\"https:\/\/rhelblog.redhat.com\/tag\/dogtag-certificate-system\/\">https:\/\/rhelblog.redhat.com\/tag\/dogtag-certificate-system\/<\/a><\/li>\n<\/ul>\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= \u7f18\u7531\uff1a \u60f3\u597d\u597d\u4e86\u89e3\u4e00\u4e0bLinux\u76f8\u5173\u7684\u8d26\u6237\u8ba4\u8bc1\u6388\u6743\u76f8\u5173\u7684\u77e5\u8bc6\u70b9\uff0c\u5728\u6b64\u505a\u4e2a\u603b\u7ed3\u3002 \u6b63\u6587\uff1a \u53c2\u8003\u89e3 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25],"tags":[1200,1197,524,30,1198,1196,671,1199],"class_list":["post-4056","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","tag-freeipa","tag-kerberos","tag-ldap","tag-linux","tag-nscd","tag-nss","tag-pam","tag-sssd"],"views":4260,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=4056"}],"version-history":[{"count":3,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4056\/revisions"}],"predecessor-version":[{"id":4974,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/4056\/revisions\/4974"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=4056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=4056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=4056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}