The OCTOPASS is linux user mangement tool for cloud or github generation

খా஌ԝ(.01FQBCP *OD
+VOF :"1$'VLVPLB)BLBUBલʑ໷ࡇ ඇެࣜ
$MPVEHJUIVC࣌୅ͷ
-JOVYೝূΛ࣮ݱ͢Δ
0$501"44

View Slide

ϓϦϯγύϧΤϯδχΞ
খా஌ԝ!MJOZPXT
ٕज़෦ٕज़ج൫νʔϜ
IUUQUPNPIJTBPEBDPN

View Slide

ʘʘɹΑ͏ͦ͜෱Ԭɹʗʗ
ʘɹΑ͏ͦ͜ϖύϘ෱Ԭ΁ɹʗ
ࣸਅఏڙɿ෱Ԭࢢ

View Slide

-JOVYϢʔβೝূ
Ͳ͏͍ͯ͠·͔͢ʁ

View Slide

-JOVYϢʔβ౷߹؅ཧͱ͍͑͹
๏ -%"1
๏ 3BEJVT
๏ "DUJWF%JSFDUPSZ
๏ 45/4ʢฐࣾϐʔࢁ࡞

View Slide

ݖݶͷਃ੥ͱڐՄ
ଐਓԽ͓ͨ͠࢓ࣄ
·ͨ͸
খن໛ʹ͸৑௕

View Slide

͕͜͜ෆຬ
๏ ϩάΠϯ͍͚ͨͩ͠ͳͷʹڐՄ΋Β͏ͷ͕େม
๏ ౷߹؅ཧ͍ͯ͠Δಾͷ৬ۀ͕ੜ·ΕΔ
๏ ૊৫ن໛͕େ͖͍ͱ݁ہ֤ॴͰ؅ཧ͞ΕΔ
๏ খ͘͞؅ཧ͍ͨ͠ͷʹαʔόͨͯͨΓԿ͔ͱ࡞ۀ
๏ ७ਮʹӡ༻͕໘౗

View Slide

ࠓ೔ɺԿ͔͠Β
αʔόʹϩάΠϯ͠·ͨ͠ʁ

View Slide

ʘͦ͏͍͏͜ͱͳΜͰ͢Αʗ

View Slide

࣌୅తͳ͜ͱ
๏ ΦϯϓϨϛε͔ΒΫϥ΢υ
๏ 3PMF)PTUɺ*OGSBTUSVDUVSFBT$PEF͕ී௨
๏ ίϯςφܕԾ૝Խ͕ҰൠԽ
๏ )"ΫϥελʹΑΓϩάϞχλϦϯά͕֎΁
๏ αʔόϨεΞʔΩςΫνϟ

View Slide

ෳࡶ͞ස౓ػձɺݮͬͨͱ͸͍͑
-JOVYϢʔβ؅ཧ͸
ͳ͘ͳΒͳ͍ΜͰ͢Α

View Slide

΄Μͱ͏ʹ΍Γ͍ͨ͜ͱ
๏ ݖݶ෼཭ɺҠৡʢେ౷Ұ͸ເ
๏ ֤෦ॺͰ-JOVYϢʔβΛҰݩ؅ཧ
๏ 44)ͷݤೝূ
๏ ؅ཧ͕؆୯Ͱ͙͢൓өͰ͖Δ

View Slide

΄͍͠΋ͷ͸࡞Δʂ

View Slide

View Slide

1MFBTFEPO`UEPUIFTFUIJOHT
ʷ6TFUIF0DUPDBUPS(JU)VCMPHPGPSZPVSBQQMJDBUJPO`TJDPO
ʷ$SFBUFBNPEJpFEWFSTJPOPGUIF0DUPDBUPS(JU)VCMPHP
ʷ*OUFHSBUFUIF0DUPDBUPS(JU)VCMPHPJOUPZPVSMPHP
ʷ6TFBOZ(JU)VCBSUXPSLXJUIPVUQFSNJTTJPO
ʷ4FMMBOZ(JU)VCBSUXPSLXJUIPVUQFSNJTTJPO
ʷ$IBOHFUIFDPMPST EJNFOTJPOTPSBEEZPVSPXOUFYUJNBHFT
IUUQTHJUIVCDPNMPHPT

View Slide

View Slide

Πϯετʔϧͱઃఆ
$ sudo apt-get install octopass
$ cat < /etc/octopass.conf
Token = "iad87dih122ce66a1e20a751664c8a9dkoak87g7"
Organization = "fukuokago"
Team = “operators”
EOF
$ sudo chown root:root /etc/octopass.conf

View Slide

HJUIVC͔Β໊લ͕ͻ͚ɺݤ͕औΕΔ
$ id ken
uid=5458(ken) gid=2000(operators) groups=2000(operators)
$ octopass passwd
chun-li:x:14301:2000:managed by octopass:/home/chun-li:/bin/bash
dhalsim:x:8875:2000:managed by octopass:/home/dhalsim:/bin/bash
ken:x:5458:2000:managed by octopass:/home/ken:/bin/bash
$ octopass ken
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqUJvs1vRgHRMH9dpxYcBBV687njS2YrJ+oeIK…

View Slide

΄͔ʹ
[email protected] QBNETTIE OTTXJUDIDPOG
Λमਖ਼͢Δ͚ͩͰTTIϩάΠϯ͕
Ͱ͖ΔΑ͏ʹͳΔΜͰ͢

View Slide

-JOVYೝূͷ࢓૊Έ

View Slide

-JOVYೝূͷ࢓૊Έ
๏ ೝূ͸1".͕֤ೝূ࣮૷ͷΠϯλʔϑΣʔεͱͳ͍ͬͯΔ
๏ 1".1MVHHBCMF"VUIFOUJDBUJPO.PEVMF
๏ ϢʔβΛ/44Λ௨໊ͯ͠લղܾ͍ͯ͠Δ
๏ /44/BNF4FSWJDF4XJUDI
๏ IPTU QBTTXE HSPVQͳͲΛpMFT ECͱ͍ͬͨݕࡧݩΛࢦఆ

View Slide

OTTXJUDIDPOGFYBNQMF
passwd: files ldap
shadow: files
group: files ldap
hosts: dns nis files
ethers: files nis
…

View Slide

QBNDPOGFYBNQMF
#%PAM-1.0
auth required pam_securetty.so
auth required pam_unix.so shadow nullok
auth required pam_nologin.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password required pam_unix.so shadow nullok use_authtok
session required pam_unix.so

View Slide

44)%
MJCQBN MJCOTT
[email protected] [email protected] [email protected] [email protected]
44)%ͷ৔߹
ެ։ݤೝূ͸"VUIPSJ[FE,FZT$PNNBOE͕࢖͑ɺVTFQBN͢Δ͜ͱͰۭύεϫʔ
υͰ΋ݤೝূͰ͖Δ

View Slide

0$501"44Ͱ
޻෉ͨ͜͠ͱͱࠓޙͷ՝୊

View Slide

ΞʔΩςΫνϟ

View Slide

0$501"44Ͱ޻෉ͨ͜͠ͱ
๏ (JUIVC͕མͪͯͯ΋ಈ࡞͢Δ DBDIF
๏ ໊લղܾͳͷͰߴ଎ʹಈ࡞͢Δ DBDIF
๏ VOJUUFTUॻ͘ʢDSJUFSJPO
๏ ΋ͪΖΜ౷߹ςετʢCBTIEFʜ
๏ ґଘੑΛݮΒ͢ʢMJCDVSMͱKBOTTPO
๏ ֤छEJTUQLHͷ࡞੒ΛࣗಈԽ EPDLFSDPNQPTF

View Slide

0$501"44͕ղܾ͢Δ͜ͱ
๏(JUIVC5FBNʹΑΔ-JOVY6TFSͷ໊લղܾ
๏(JUIVC1VCMJD,FZTʹΑΔݤೝূ
๏(JUIVC1FSTPOBM5PLFOʹΑΔೝূ

View Slide

࢒ͨ͠՝୊
๏େن໛ߏ੒Ͱಋೖ͢Δͱ(JUIVC"1*ͷ
3BUF-JNJUͷ͔͔ͬͯ͠·͏
Ὃ
๏&UDE΍$POTVM,7ͰΩϟογϡΛڞ௨Խ

View Slide

·ͱΊ

View Slide

·ͱΊ
๏ -JOVYϢʔβೝূ΋ਐԽ͠ͳ͚Ε͹ͳΒͳ͍͠޻෉͢
Δ͚ͩͰศརʹͳΔ
๏ ࢥͬͨΑΓ$ා͘ͳ͍͠৭ʑษڧʹͳΔ
๏ 0$501"44ຊ౰ʹศརͳͷͰ࢖ͬͯΈͯ

View Slide

܅΋ϖύϘͰಇ͔ͳ͍͔ʁ
࠷৽ͷ࠾༻৘ใΛνΣοΫˠ [email protected]

View Slide

͋Γ͕ͱ͏͍͟͝·ͨ͠

View Slide

The OCTOPASS is linux user mangement tool for cloud or github generation

The OCTOPASS is linux user mangement tool for cloud or github generation

linyows

More Decks by linyows

Other Decks in Programming

Featured

Transcript