Slide 1

Slide 1 text

PAM thing Else
~ May rains, May blues, Ninja Re Bang Bang edition ~
@pyama, GMO Pepabo, Inc.
Kyushu Infra Exchange Study Group (Kixs) Vol.

Slide 2

Slide 2 text

https://ten-snapon.com
Chief Technical Lead
Kazuhiko Yamashita @pyama
Hosting Division

Slide 3

Slide 3 text

http://stns.jp

Slide 4

Slide 4 text

Pluggable Authentication Module

Slide 5

Slide 5 text

KPP is the best! I want to marry her!
PAM overview
A pluggable interface
Freedom, and then, beyond

Slide 6

Slide 6 text

PAM

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

Slide 7

Slide 7 text

PAM
Diagram: Application (ssh, sudo, login) → PAM → Backend (LDAP, STNS, /etc/shadow)
An abstraction of authentication as seen from the application

Slide 8

Slide 8 text

PAM

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

The PAM configuration is made up of parts.

Slide 9

Slide 9 text

Type

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

Slide 10

Slide 10 text

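Type

Type       Use case
auth       Used at user authentication time, for example with LDAP or STNS
account    Managing things such as the account validity period and the password change interval
password   When a password is changed, enforcing policy such as password length and upper/lower case
session    After login: creating directories, starting terminal logging, and so on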

Slide 11

Slide 11 text

Control flag

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

Control flags are evaluated from top to bottom, in the order they are defined.

Slide 12

Slide 12 text

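Control flag

Flag         Description
required     Must succeed, but processing continues even if it fails. On failure, the return value of the first module that failed is used.
requisite    Must succeed. Unlike required, a failure stops processing at that point.
sufficient   If no required module has failed, a success is treated as overall success at that point and processing stops.
optional     Normally its success or failure is ignored, but when there are no other flags the optional result is used.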

Slide 13

Slide 13 text

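Control flag

Flag         After a failure   After a success   Success condition                               Failure condition
required     continue          continue          all succeed                                     any one fails
requisite    stop              continue          all succeed                                     any one fails
sufficient   continue          stop              any one succeeds                                all fail
optional     continue          continue          succeeds when no required/requisite is present  none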

Slide 14

Slide 14 text

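Control flag

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

Line by line:
pam_env.so: loading the environment variables must succeed.
pam_fprintd.so: if fingerprint authentication succeeds, authentication succeeds immediately.
pam_unix.so: if password authentication against /etc/shadow succeeds, authentication succeeds immediately.
pam_succeed_if.so: the uid must be 500 or higher.
pam_deny.so: all authentication is rejected.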
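
A small model of the control-flag rules, applied to this slide's auth stack (an added example, not from the original slides). It reduces each module to success or failure, so it is a simplification of libpam, and the outcome dictionaries passed to evaluate() are constructed inputs.

```python
# Simplified model of how one PAM stack is walked; this is not libpam itself.
STACK = """\
auth required   pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth required   pam_deny.so
"""

# Action taken per control flag on (module success, module failure).
ACTIONS = {
    "required":   ("ok",   "bad"),
    "requisite":  ("ok",   "die"),
    "sufficient": ("done", "ignore"),
    "optional":   ("ok",   "ignore"),
}

def parse(text, mtype="auth"):
    """Return [(control, module, args)] for one type, in file order."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            entries.append((fields[1], fields[2], fields[3:]))
    return entries

def evaluate(entries, outcomes):
    """outcomes maps module name -> True (success) / False (failure).
    Returns (granted, list of modules that were actually called)."""
    verdict = None                 # None until some module decides
    called = []
    for control, module, _args in entries:
        called.append(module)
        ok = outcomes.get(module, False)
        action = ACTIONS[control][0 if ok else 1]
        if action in ("ok", "done"):
            if verdict is None:
                verdict = True
            if action == "done" and verdict:
                break              # sufficient: stop, nothing failed earlier
        elif action in ("bad", "die"):
            verdict = False        # a recorded failure is never overwritten
            if action == "die":
                break              # requisite: stop immediately
    return verdict is True, called
```

If every module in a stack is ignored, for example a lone optional module that fails, evaluate() returns a denial, because nothing ever set a positive verdict.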

Slide 15

Slide 15 text

Module

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

Slide 16

Slide 16 text

Module

Slide 17

Slide 17 text

pam_unix.so nullok try_first_pass

Slide 18

Slide 18 text

pam_unix.so nullok try_first_pass
Module: pam_unix.so
Arguments: nullok try_first_pass

Slide 19

Slide 19 text

.so = Shared Object

Slide 20

Slide 20 text

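Shared Object
Diagram: hey.so, called as hey from Ruby, PHP, Golang and Clang

#include <stdio.h>

/* Exported from hey.so so that other languages can bind to it. */
void hey() {
    printf("Hello, Takada!");
}

A Shared Object can be bound from many different languages and then called.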

Slide 21

Slide 21 text

In the case of Ruby

require "ffi"

module Fib
  extend FFI::Library
  ffi_lib "./hey.so"
  # hey takes no arguments and returns nothing
  attach_function :hey, [], :void
end

Fib.hey # => Hello, Takada!

Slide 22

Slide 22 text

Digression: ldd
The ldd command shows which Shared Objects a target binary is linked against.
A common use case is relinking from a .so installed by the package manager to a .so installed from source.

Slide 23

Slide 23 text

Further digression: the ELF header
Looking at the headers of ELF, the standard Linux binary format, shows which methods are available.

Slide 24

Slide 24 text

pam_unix.so nullok try_first_pass
Module: pam_unix.so
Arguments: nullok try_first_pass
Which method gets called?

Slide 25

Slide 25 text

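The method that gets called differs by type

Type       Method
auth       pam_sm_authenticate
account    pam_sm_acct_mgmt
password   pam_sm_chauthtok
session    pam_sm_open_session, pam_sm_close_session

#include <string.h>
#include <security/pam_modules.h>

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    const char *user = NULL;
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_AUTH_ERR;   /* could not determine the user name */
    if (strcmp(user, "k_nishida") == 0)
        return PAM_AUTH_ERR;   /* this user is always rejected */
    return PAM_SUCCESS;
}

Arguments such as nullok and try_first_pass can be read from argv.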

Slide 26

Slide 26 text

PAM

$ cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
account     sufficient    pam_localuser.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

pam_env.so implements pam_sm_authenticate, and pam_localuser.so implements pam_sm_acct_mgmt.

Slide 27

Slide 27 text

In the case of STNS
Diagram: login, sudo, etc. → pam_stns.so (pam_sm_authenticate) → get → STNS; the response carries id, group_id, directory (/home/example) and password
In STNS, login and sudo use the auth type, and password authentication is carried out over HTTPS.

Slide 28

Slide 28 text

In this world there are people who get used by PAM and people who use PAM.
by Arsène Pyama

Slide 29

Slide 29 text

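To become one of the people who use it
• http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html
• /etc/pam.d/<service name> is looked up based on the service name that was defined

pam_start("service name", user, &store_conv, &sshpam_handle);
…
pam_authenticate(sshpam_handle, flags);
…
pam_end(sshpam_handle, sshpam_err);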

Slide 30

Slide 30 text

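How it is used in the case of SSH

Type       Method                               Purpose
auth       pam_authenticate                     Used for sshd password authentication. Not used for public key authentication and the like.
account    pam_acct_mgmt                        Used after sshd authentication
password   pam_chauthtok                        Used when opening a pty over ssh, for example when account found that the password had expired
session    pam_open_session, pam_close_session  Used when an sshd session is opened and closed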

Slide 31

Slide 31 text

But you can't use it unless you can write C or something like that, right?
Well, I write it, I do.

Slide 32

Slide 32 text

Golang

Slide 33

Slide 33 text

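go build -buildmode=c-shared
With Go 1.5 or later, cgo can be used to build a shared library.

package main

/*
// The header names are missing from the source; pam_appl.h is assumed here
// because it declares pam_handle_t and PAM_SUCCESS.
#include <security/pam_appl.h>
*/
import "C"

// Demo only: returning PAM_SUCCESS unconditionally accepts every attempt.
//export pam_sm_authenticate
func pam_sm_authenticate(pamh *C.pam_handle_t, flags C.int, argc C.int, argv **C.char) C.int {
	return C.PAM_SUCCESS
}

// -buildmode=c-shared needs package main with a main function.
func main() {}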

Slide 34

Slide 34 text

mruby

Slide 35

Slide 35 text

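mruby
• Lightweight Ruby
• Can be used to build binary tools, or be embedded in Apache and nginx modules
• A difference in thinking from Ruby: Ruby uses Gems and is extended through the libraries it calls out to, whereas mruby uses a mechanism called mgem to extend the binary itself
Diagram: Ruby with http and openssl; mruby with http and openssl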

Slide 36

Slide 36 text

http://qiita.com/udzura/items/…

Slide 37

Slide 37 text

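libpam-mruby
Diagram: auth → libpam-mruby.so

def authenticate(username, password)
  username == 'pyama' && password == 'p@ssword'
end

Because arbitrary Ruby scripts can be executed, it can be extended freely within the range of what Ruby can do.
Authentication through external services such as GitHub or Facebook, two-factor authentication, etc…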

Slide 38

Slide 38 text

Summary

Slide 39

Slide 39 text

/etc/pam.d/XXX is not difficult

Slide 40

Slide 40 text

PAM still has plenty of possibilities

Slide 41

Slide 41 text

LDAP, STNS, Yubikey

Slide 42

Slide 42 text

Might this kind of authentication be interesting?

Slide 43

Slide 43 text

After logging in, might it be handy to be able to do this kind of thing?

Slide 44

Slide 44 text

Write the code, Change the world

Slide 45

Slide 45 text

Why not come and work at Pepabo too?
Check the latest hiring information → @pb_recruit