Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * install sssd and sssd client
- * install krb5-workstation and openldap-client
- * update sssd.conf and set ownership to root + chmod 600
- * update krb5.conf with details
- * update ldap.conf file
- * ldap certificate
- * update ssshd_config and ssh_config with extra properties
- * put keytab for admin creds in /etc/krb5.conf
- * run authconfig --update --enablesssd --enablesssdauth (updates the nsswitch file to have sss)
- * restart all related services.
- yum install -y sssd sssd-client krb5-workstation openldap-clients
- mv sssd.conf /etc/sssd/
- chown root:root /etc/sssd/sssd.conf
- chmod 600 /etc/sssd/sssd.conf
- mv krb5.conf /etc/
- mv krb5.keytab /etc/
- mv ldap.conf /etc/openldap/
- mv x.boardreader.com.ca /etc/openldap/certs/
- mv sshd_config /etc/ssh/
- vi /etc/ssh/sshd_config
- #SSSD Configs from Invinco
- GSSAPIKeyExchange yes
- GSSAPICleanupCredentials no
- GSSAPIStrictAcceptorCheck no
- GSSAPIStoreCredentialsOnRekey yes
- vi /etc/ssh/ssh_config
- #SSD Configs
- GSSAPIDelegateCredentials yes
- GSSAPIKeyExchange yes
- GSSAPIRenewalForcesRekey yes
- GSSAPITrustDNS yes
- authconfig --update --enablesssd --enablesssdauth --enablemkhomedir
- ambari-server setup-pam --pam-config-file /etc/pam.d/login --pam-auto-create-groups true
- ambari-server sync-pam
- pam.group.cluster.user=sg_dev
Add Comment
Please, Sign In to add comment