open×××+Mysql+PAM构建强大的***系统
open×××+Mysql+PAM構(gòu)建強大的***系統(tǒng)
本次為新的生產(chǎn)環(huán)境部署系統(tǒng)而采用了這個方案,陸續(xù)會將實際的生產(chǎn)架構(gòu)整理出來.由于涉及到公司的各種敏感信息,已經(jīng)將IP做了替換中途可能有出入?敬請諒解。等我找時間畫圖出來一并奉上。
如果有根本上的問題,請大家指正。
本次為了測試使用了如下的軟件版本:
epel-release-6-8.noarch.rpm
lzo-2.03.tar.gz
open***-2.2.2.tar.gz
open***-2.0.7.tar.gz
open***-2.2.1-install.exe
1?安裝epel第三方源:
| 12 | wget?http://mirror.neu.edu.cn/fedora/epel/6/i386/epel-release-6-8.noarch.rpmrpm?-ivh?epel-release-6-8.noarch.rpm |
2?安裝各種依賴關(guān)系:
| 1 | yum?-y?installgcc?gcc-c++?autoconf?libjpeg?libjpeg-devel?libpng?libpng-devel?freetype?freetype-devel?libxml2?libxml2-devel?zlib?zlib-devel?glibc?glibc-devel?glib2?glib2-devel?bzip2bzip2-devel?ncurses?ncurses-devel?curl?curl-devel?e2fsprogs?e2fsprogs-devel?krb5?krb5-devel?libidn?libidn-devel?openssl?openssl-devel?openldap?openldap-devel?nss_ldap?openldap-clients?openldap-servers |
3?安裝
| 12 | yum?installpam_krb5?pam_mysql?pam?pam-develyum?installmysql?mysql-server?mysql-devel?mysql-libs |
4?安裝lzo:
| 12 | wget?http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gzcdlzo-2.03?&&?./configure&&?make&&?makeinstall |
5?添加路徑:
| 123456789 | cat>>/etc/ld.so.conf<<EOF/lib/lib64/usr/lib/usr/lib64/usr/local/lib/usr/local/lib64EOFldconfig |
6?安裝open***:
| 12345678 | tar-zxvf?open***-2.2.2.tar.gzcdopen***-2.2.2/./configure--prefix=/usr/local/open***&&?make&&?makeinstallmkdir-p?/etc/open***cd/root/open***-2.2.2cp-R?easy-rsa?/etc/open***cd/etc/open***/easy-rsa/2.0/cpvars?vars_bak |
7?修改vars的內(nèi)容信息:
| 1234567 | vim?vars###最下面修改內(nèi)容:exportKEY_COUNTRY="CN"exportKEY_PROVINCE="BJ"exportKEY_CITY="beijing"exportKEY_ORG="beijingidc"exportKEY_EMAIL="你的郵箱地址" |
8?生成服務(wù)器和客戶端需要的key文件:
| 123456 | source./vars./clean-all./build-caca./build-key-serverserver./build-dh/usr/local/open***/sbin/open***--genkey?--secret?keys/ta.key |
9?創(chuàng)建mysql用于***的賬號存放:
| 1234567891011121314151617181920 | ##啟動mysql:service?mysqld?restart###創(chuàng)建數(shù)據(jù)驗證信息:mysql>?create?database?***;Query?OK,?1row?affected?(0.00sec)mysql>?GRANT?ALL?ON?***.*?TO?***@localhost?IDENTIFIED?BY?'***123';Query?OK,?0rows?affected?(0.00sec)mysql>?flush?privileges;Query?OK,?0rows?affected?(0.00sec)mysql>?use***;Database?changedmysql>?CREATE?TABLE?***user?(->?name?char(20)?NOT?NULL,->?password?char(128)?defaultNULL,->?active?int(10)?NOT?NULL?DEFAULT?1,->?PRIMARY?KEY?(name)->?);Query?OK,?0rows?affected?(0.30sec)mysql>?insert?into?***user?(name,password)?values('user1',password('123456'));Query?OK,?1row?affected?(0.02sec) |
10?創(chuàng)建pam用于驗證:
| 12345678 | ###創(chuàng)建pam驗證配置文件:vim?/etc/pam.d/open***auth?sufficient?pam_mysql.so?user=***?passwd=***123?host=localhost?db=***?table=***user?usercolumn=name?passwdcolumn=password?where=active=1?sqllog=0?crypt=2account?required?pam_mysql.so?user=***?passwd=***123?host=localhost?db=***?table=***user?usercolumn=name?passwdcolumn=password?where=active=1?sqllog=0?crypt=2#crypt(0)?--?Used?to?decide?to?use?MySQL's?PASSWORD()?function?or?crypt()#0?=?No?encryption.?Passwords?in?database?in?plaintext.?NOT?recommended!#1?=?Use?crypt#2?=?Use?MySQL?PASSWORD()?function |
11?測試pam和mysql的連接:
| 12 | yum?installcyrus-sasl?cyrus-sasl-plain?cyrus-sasl-devel?cyrus-sasl-lib?cyrus-sasl-gssapi/etc/init.d/saslauthdrestart |
12?open***?2.0以上驗證會出問題,需要編譯低版本的模塊:
| 1234567 | wget?http://down1.chinaunix.net/distfiles/open***-2.0.7.tar.gztar-zxvf?open***-2.0.7.tar.gzcdopen***-2.0.7/./configurecdplugin/auth-pam/makecpopen***-auth-pam.so?/etc/open***/ |
13?測試連接:
| 123 | ###顯示如下內(nèi)容即為正常:[root@localhost?2.0]#?testsaslauthd?-u?user1?-p?123456?-s?open***0:?OK?"Success." |
14?創(chuàng)建并修改open***的配置文件:
| 1 | cp/opt/src/open***-2.2.2/sample-config-files/server.conf?/etc/open***/ |
15?配置文件的內(nèi)容如下(取出了所有的注釋部分)
| 12345678910111213141516171819202122232425 | vim?server.conf###內(nèi)容如下:port?1194proto?udpdev?tunca?/etc/open***/easy-rsa/2.0/keys/ca.crtcert?/etc/open***/easy-rsa/2.0/keys/server.crtkey?/etc/open***/easy-rsa/2.0/keys/server.keydh?/etc/open***/easy-rsa/2.0/keys/dh1024.pemtls-auth?/etc/open***/easy-rsa/2.0/keys/ta.key?0server?10.8.0.0?255.255.255.0ifconfig-pool-persist?ipp.txtpush?"redirect-gateway?def1"push?"dhcp-option?DNS?10.8.0.1"client-to-clientkeepalive?10?120comp-lzopersist-keypersist-tunstatus?open***-status.loglog?open***.logverb?3client-cert-not-requiredusername-as-common-nameplugin?./open***-auth-pam.so?/usr/local/open***/sbin/open*** |
16?開啟內(nèi)核路由轉(zhuǎn)發(fā):
| 123 | vim?/etc/sysctl.confnet.ipv4.ip_forward?=?0改成?net.ipv4.ip_forward?=?1sysctl?-p |
17?設(shè)置防火墻的端口轉(zhuǎn)發(fā):
| 123 | ###iptables?-t?nat?-A?POSTROUTING?-s?10.8.0.0/24?-j?SNAT?--to-source?服務(wù)器的ipiptables?-t?nat?-A?POSTROUTING?-s?10.8.0.0/24-o?eth0?-j?MASQUERADEiptables?-t?nat?-A?POSTROUTING?-s?10.8.0.0/24-j?SNAT?--to-source192.168.80.151 |
18?保存并重啟iptables:
| 12 | service?iptables?saveservice?iptables?restart |
19?創(chuàng)建啟動腳本:
| 1 | cp-f?/root/open***-2.2.2/sample-scripts/open***.init?/etc/init.d/open*** |
| 123456 | vim?/etc/init.d/open***###編譯安裝的需要將第69行改成:open***_locations="/usr/local/open***/sbin/open***?/usr/sbin/open***?/usr/local/sbin/open***"chkconfig?--add?open***chkconfig?open***?on/etc/init.d/open***start |
------------------至此服務(wù)端配置完成---------------
下載open***客戶端:
| 1 | http://swupdate.open***.org/community/releases/open***-2.2.1-install.exe |
客戶端的安裝配置:
在服務(wù)端操作將ca.crt?ca.key?ta.key?拷貝到客戶端的conf目錄下面:
C:\Program?Files?(x86)\Open×××\config
新建文件以.o***?為結(jié)尾,并輸入以下內(nèi)容(remote服務(wù)器外網(wǎng)網(wǎng)卡地址):
| 1234567891011121314 | clientdev?tunproto?udpremote?192.168.80.151?1194?##服務(wù)端的IPresolv-retry?infinitenobindpersist-keypersist-tunca?ca.crttls-auth?ta.key?1ns-cert-typeservercomp-lzoverb?5auth-user-pass |
撥號-->輸入mysql里面添加的用戶名:user1?123456?-->OK
右下角出現(xiàn)的2個小電腦?變成綠色的?即表示連接到open***服務(wù)器上,在本地cmd執(zhí)行ipconfig
查看是否得到了open***?設(shè)置的網(wǎng)段地址。
本文出自?“振興的空間”?博客,請務(wù)必保留此出處http://renzhenxing.blog.51cto.com/728846/1341147
?
轉(zhuǎn)載于:https://blog.51cto.com/ljl2013/1343615
總結(jié)
以上是生活随笔為你收集整理的open×××+Mysql+PAM构建强大的***系统的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: char与varchar区别(MYISA
- 下一篇: linux cmake编译源码,linu