Slide 1
Slide 1 text
QZBNB(.01&1"#0JOD
,*947PMΠϯϑϥ-5ͷࡇయ
ग़ձͬͯͰ͑Δ
45/4ͱ-JOVYͷ
ೝূج൫
Slide 2
Slide 2 text
IUUQTUFOTOBQPODPN
γχΞɾΤϯδχΞ
ࢁԼ!QZBNB
ϗεςΟϯάࣄۀ෦ϜʔϜʔυϝΠϯνʔϜ
Slide 3
Slide 3 text
-JOVYೝূج൫
1.
Slide 4
Slide 4 text
-JOVYೝূج൫
44)ϩάΠϯ
Ϣʔβʔ໊
άϧʔϓ໊ʁ
ύεϫʔυʁ
ެ։伴ʁ
Slide 5
Slide 5 text
-JOVYೝূج൫
w FUDQBTTXE
FUDHSPVQ
FUDTIBEPX
BVUIPSJ[FE@LFZT
w -%"1
w .Z42-
Slide 6
Slide 6 text
-JOVYೝূج൫
wFUDQBTTXE
FUDHSPVQ
FUDTIBEPX
BVUIPSJ[FE@LFZT
ˠVTFSBEE
HSPVQBEE
w-%"1
ˠ匠͕ඞཁ
w.Z42-
ˠϢʔβʔཧʹͰ͔͗͢Δ
Slide 7
Slide 7 text
-JOVYೝূج൫
ͷঊ ౦ͷঊ
ೆͷঊ
ͷঊ
ࣾͰαʔϏε͝ͱʹཚཱ͞Εͨ
-%"1ΛঊͷྗΛ૯݁ूͨ͠
ಉظεΫϦϓτͰ
-%"1ิܭըΛߦத
-%"1ΞτϦϏϡʔτ͕Ճ͘͢͠൚༻ੑ͕ߴ͍ͷͰɺ
ӡ༻͔ΒᷓΕɺཚཱ͞Εͯ͠·͍͕ͪ
Slide 8
Slide 8 text
ͲΕ͠ΜͲ͍͚Ͳ
Βͳ͖Ό͍͚ͳ͍
Slide 9
Slide 9 text
ଏͬΆ͍ͳ
Slide 10
Slide 10 text
IUUQTUOTKQ
Slide 11
Slide 11 text
45/4
w (PMBOH
w 5PNMܗࣜͷઃఆϑΝΠϧ
w +40/ΠϯλʔϑΣʔεͷαʔόɾΫϥΠΞϯτ
w 8SBQQFSΛࣗ༝ʹมߋͰ͖Δ ϓϥΨϒϧ
Slide 12
Slide 12 text
45/4
Slide 13
Slide 13 text
ίϯηϓτ
໊લղܾɺެ։伴औಘɺΞΧϯτೝূͷΈΛఏڙ
͢Δɻଟ͘ΛΒͣɺγϯϓϧʹอͭ͜ͱͰཧɺ
Έ߹ΘͤΛ༰қʹɻ
https://github.com/STNS/STNS
Slide 14
Slide 14 text
-JOVYϢʔβʔάϧʔϓͷ໊લղܾ
% ls -ltr
-rw-r--r-- 1 pyama wheel 0 May 8 00:09 hatena_pepabo.txt
% ls -ltr
-rw-r--r-- 1 1000 1000 0 May 8 00:09 hatena_pepabo.txt
id:1000 is pyama
Slide 15
Slide 15 text
w TVEPFST
w TTIE@DPOpH "MMPX(SPVQT
"MMPX6TFST
w QBNೝূ
-JOVYϢʔβʔάϧʔϓͷ໊લղܾ
Slide 16
Slide 16 text
ΞʔΩςΫνϟ
STNS
http(1104)
ls
libnss-stns
libpam-stns
query-wrapper
key-wrapper
/user/name/pyama
{
name:pyama,
id: 1000,
dir:/home/pyama
…
}
αʔόɾΫϥΠΞϯτؒhttpΛར༻ͨ͠
JSONܗࣜͷΠϯλʔϑΣʔε
Slide 17
Slide 17 text
ઃఆϑΝΠϧαʔό
QPSU
JODMVEF
FUDTUOTDPOGE
TBMU@FOBCMF
USVF
TUSFUDIJOH@OVNCFS
VTFS
lCBTJD@VTFS
QBTTXPSE
CBTJD@QBTTXPSE
JE
HSPVQ@JE
LFZT
<TTISTB99999ʜ>
JE
VTFST
<FYBNQMF>
QBTTXPSE
GEDEBGFBBDBEBCGGCCCDEEDCGB
Slide 18
Slide 18 text
ઃఆϑΝΠϧΫϥΠΞϯτ
api_end_point = ["http://:1104", "http://:1104"]
user = "basic_user"
password = "basic_password"
wrapper_path = "/usr/local/bin/stns-query-wrapper"
chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper"
ssl_verify = true
LDAPͱͷڞଘՄೳ
Slide 19
Slide 19 text
XSBQQFSίϚϯυ
$ stns-query-wrapper /user/name/pyama
{
"metadata": {
"api_version": 2,
"result": "success",
"min_id": 2000
},
"items": {
"pyama": {
"id": 10301,
"password": "",
"hash_type": "",
"group_id": 2000,
"directory": "",
"shell": "",
"gecos": "",
"keys": [
"ssh-rsa xxx"
],
"link_users": null
}
}
Slide 20
Slide 20 text
ಋೖ
w SQN
EFCڞʹCJU
CJU൛ͷఏڙ SFQPTUOTKQ
DVSMGT4-IUUQTSFQPTUOTKQTDSJQUTZVNSFQPTIcTI
ZVNJOTUBMMTUOTMJCOTTTUOTMJCQBNTUOT
IUUQTHJUIVCDPN45/4TUOTDPPLCPPL
IUUQTHJUIVCDPN45/4QVQQFUTUOT
w $IFG
1VQQFUͷΫοΫϒοΫɺϚχϑΣετΛఏڙ
1VQQFUϚχϑΣετ!IGN͕։ൃͯ͘͠Εͨ
Slide 21
Slide 21 text
ಋೖ
Πϯετʔϧʙ44)ެ։伴ೝূ·Ͱඵ
Slide 22
Slide 22 text
Ϣʔβʔཧ(JUIVC'MPX
(JUIVC&OUFSQSJTF͔ΒϢʔβʔσʔλΛ࡞͠ɺ1VMM3FRVFTU
ࣗಈςετɾਓͷʹΑΔϨϏϡʔ
σϓϩΠ
Slide 23
Slide 23 text
ӡ༻Πϝʔδ
nginx
stns
nginx
stns
/HJOYͰ44-Λऴͭͭ͠ɺ$BQJTUSBOPͳͲͷσϓϩΠπʔϧͰ
TUOTDPOGΛσϓϩΠ
Slide 24
Slide 24 text
ӡ༻Πϝʔδ
nginx
stns
nginx
stns
αʔόͷTUOTDPOGΛฤू͠ɺ4$1STZODͰಉظ
Slide 25
Slide 25 text
45/4ϘΫ͕։ൃऀͩͬͨ͠΄͏͕͍͍
w ࡶԽͮ͠Β͍పఈͨ͠γϯϓϧ͞
w γϯϓϧ͕ނʹ֦ுੑ͕ߴ͍
w ಋೖͷख͕ؒগͳ͍
w ຊޠυΩϡϝϯτͷఏڙɺ։ൃऀ͕ຊ࣌ؒʹ͍Δ
Slide 26
Slide 26 text
45/4ͰϢʔβʔཧΛ
࢝ΊΑ͏
Slide 27
Slide 27 text
5IBOLZPV