Slide 1
Slide 1 text
খాԝ(.01FQBCP
*OD
+VOF
:"1$'VLVPLB)BLBUBલʑࡇ ඇެࣜ
$MPVEHJUIVC࣌ͷ
-JOVYೝূΛ࣮ݱ͢Δ
0$501"44
Slide 2
Slide 2 text
ϓϦϯγύϧΤϯδχΞ
খాԝ!MJOZPXT
ٕज़෦ٕज़ج൫νʔϜ
IUUQUPNPIJTBPEBDPN
Slide 3
Slide 3 text
ʘʘɹΑ͏ͦ͜Ԭɹʗʗ
ʘɹΑ͏ͦ͜ϖύϘԬɹʗ
ࣸਅఏڙɿԬࢢ
Slide 4
Slide 4 text
-JOVYϢʔβೝূ
Ͳ͏͍ͯ͠·͔͢ʁ
Slide 5
Slide 5 text
-JOVYϢʔβ౷߹ཧͱ͍͑
๏ -%"1
๏ 3BEJVT
๏ "DUJWF%JSFDUPSZ
๏ 45/4ʢฐࣾϐʔࢁ࡞
Slide 6
Slide 6 text
ݖݶͷਃͱڐՄ
ଐਓԽ͓ͨ͠ࣄ
·ͨ
খنʹ
Slide 7
Slide 7 text
͕͜͜ෆຬ
๏ ϩάΠϯ͍͚ͨͩ͠ͳͷʹڐՄΒ͏ͷ͕େม
๏ ౷߹ཧ͍ͯ͠Δಾͷ৬ۀ͕ੜ·ΕΔ
๏ ৫ن͕େ͖͍ͱ݁ہ֤ॴͰཧ͞ΕΔ
๏ খ͘͞ཧ͍ͨ͠ͷʹαʔόͨͯͨΓԿ͔ͱ࡞ۀ
๏ ७ਮʹӡ༻͕໘
Slide 8
Slide 8 text
ࠓɺԿ͔͠Β
αʔόʹϩάΠϯ͠·ͨ͠ʁ
Slide 9
Slide 9 text
ʘͦ͏͍͏͜ͱͳΜͰ͢Αʗ
Slide 10
Slide 10 text
࣌తͳ͜ͱ
๏ ΦϯϓϨϛε͔ΒΫϥυ
๏ 3PMF)PTUɺ*OGSBTUSVDUVSFBT$PEF͕ී௨
๏ ίϯςφܕԾԽ͕ҰൠԽ
๏ )"ΫϥελʹΑΓϩάϞχλϦϯά͕֎
๏ αʔόϨεΞʔΩςΫνϟ
Slide 11
Slide 11 text
ෳࡶ͞සػձɺݮͬͨͱ͍͑
-JOVYϢʔβཧ
ͳ͘ͳΒͳ͍ΜͰ͢Α
Slide 12
Slide 12 text
΄Μͱ͏ʹΓ͍ͨ͜ͱ
๏ ݖݶɺҠৡʢେ౷Ұເ
๏ ֤෦ॺͰ-JOVYϢʔβΛҰݩཧ
๏ 44)ͷݤೝূ
๏ ཧ͕؆୯Ͱ͙͢өͰ͖Δ
Slide 13
Slide 13 text
΄͍͠ͷ࡞Δʂ
Slide 14
Slide 14 text
No content
Slide 15
Slide 15 text
1MFBTFEPO`UEPUIFTFUIJOHT
ʷ6TFUIF0DUPDBUPS(JU)VCMPHPGPSZPVSBQQMJDBUJPO`TJDPO
ʷ$SFBUFBNPEJpFEWFSTJPOPGUIF0DUPDBUPS(JU)VCMPHP
ʷ*OUFHSBUFUIF0DUPDBUPS(JU)VCMPHPJOUPZPVSMPHP
ʷ6TFBOZ(JU)VCBSUXPSLXJUIPVUQFSNJTTJPO
ʷ4FMMBOZ(JU)VCBSUXPSLXJUIPVUQFSNJTTJPO
ʷ$IBOHFUIFDPMPST
EJNFOTJPOTPSBEEZPVSPXOUFYUJNBHFT
IUUQTHJUIVCDPNMPHPT
Slide 16
Slide 16 text
No content
Slide 17
Slide 17 text
No content
Slide 18
Slide 18 text
Πϯετʔϧͱઃఆ
$ sudo apt-get install octopass
$ cat < /etc/octopass.conf
Token = "iad87dih122ce66a1e20a751664c8a9dkoak87g7"
Organization = "fukuokago"
Team = “operators”
EOF
$ sudo chown root:root /etc/octopass.conf
Slide 19
Slide 19 text
HJUIVC͔Β໊લ͕ͻ͚ɺݤ͕औΕΔ
$ id ken
uid=5458(ken) gid=2000(operators) groups=2000(operators)
$ octopass passwd
chun-li:x:14301:2000:managed by octopass:/home/chun-li:/bin/bash
dhalsim:x:8875:2000:managed by octopass:/home/dhalsim:/bin/bash
ken:x:5458:2000:managed by octopass:/home/ken:/bin/bash
$ octopass ken
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqUJvs1vRgHRMH9dpxYcBBV687njS2YrJ+oeIK…
Slide 20
Slide 20 text
΄͔ʹ
TTIE@DPOpH
QBNETTIE
OTTXJUDIDPOG
Λमਖ਼͢Δ͚ͩͰTTIϩάΠϯ͕
Ͱ͖ΔΑ͏ʹͳΔΜͰ͢
Slide 21
Slide 21 text
-JOVYೝূͷΈ
Slide 22
Slide 22 text
-JOVYೝূͷΈ
๏ ೝূ1".͕֤ೝূ࣮ͷΠϯλʔϑΣʔεͱͳ͍ͬͯΔ
๏ 1".1MVHHBCMF"VUIFOUJDBUJPO.PEVMF
๏ ϢʔβΛ/44Λ௨໊ͯ͠લղܾ͍ͯ͠Δ
๏ /44/BNF4FSWJDF4XJUDI
๏ IPTU
QBTTXE
HSPVQͳͲΛpMFT
ECͱ͍ͬͨݕࡧݩΛࢦఆ
Slide 23
Slide 23 text
OTTXJUDIDPOGFYBNQMF
passwd: files ldap
shadow: files
group: files ldap
hosts: dns nis files
ethers: files nis
…
Slide 24
Slide 24 text
QBNDPOGFYBNQMF
#%PAM-1.0
auth required pam_securetty.so
auth required pam_unix.so shadow nullok
auth required pam_nologin.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password required pam_unix.so shadow nullok use_authtok
session required pam_unix.so
Slide 25
Slide 25 text
44)%
MJCQBN MJCOTT
QBN@VOJY QBN@ OTT@pMFT OTT@
44)%ͷ߹
ެ։ݤೝূ"VUIPSJ[FE,FZT$PNNBOE͕͑ɺVTFQBN͢Δ͜ͱͰۭύεϫʔ
υͰݤೝূͰ͖Δ
Slide 26
Slide 26 text
0$501"44Ͱ
ͨ͜͠ͱͱࠓޙͷ՝
Slide 27
Slide 27 text
ΞʔΩςΫνϟ
Slide 28
Slide 28 text
0$501"44Ͱͨ͜͠ͱ
๏ (JUIVC͕མͪͯͯಈ࡞͢Δ DBDIF
๏ ໊લղܾͳͷͰߴʹಈ࡞͢Δ DBDIF
๏ VOJUUFTUॻ͘ʢDSJUFSJPO
๏ ͪΖΜ౷߹ςετʢCBTIEFʜ
๏ ґଘੑΛݮΒ͢ʢMJCDVSMͱKBOTTPO
๏ ֤छEJTUQLHͷ࡞ΛࣗಈԽ EPDLFSDPNQPTF
Slide 29
Slide 29 text
0$501"44͕ղܾ͢Δ͜ͱ
๏(JUIVC5FBNʹΑΔ-JOVY6TFSͷ໊લղܾ
๏(JUIVC1VCMJD,FZTʹΑΔݤೝূ
๏(JUIVC1FSTPOBM5PLFOʹΑΔೝূ
Slide 30
Slide 30 text
ͨ͠՝
๏େنߏͰಋೖ͢Δͱ(JUIVC"1*ͷ
3BUF-JNJUͷ͔͔ͬͯ͠·͏
Ὃ
๏&UDE$POTVM,7ͰΩϟογϡΛڞ௨Խ
Slide 31
Slide 31 text
·ͱΊ
Slide 32
Slide 32 text
·ͱΊ
๏ -JOVYϢʔβೝূਐԽ͠ͳ͚ΕͳΒͳ͍͢͠
Δ͚ͩͰศརʹͳΔ
๏ ࢥͬͨΑΓ$ා͘ͳ͍͠৭ʑษڧʹͳΔ
๏ 0$501"44ຊʹศརͳͷͰͬͯΈͯ
Slide 33
Slide 33 text
܅ϖύϘͰಇ͔ͳ͍͔ʁ
࠷৽ͷ࠾༻ใΛνΣοΫˠ !QC@SFDSVJU
Slide 34
Slide 34 text
͋Γ͕ͱ͏͍͟͝·ͨ͠