Upgrade to Pro — share decks privately, control downloads, hide ads and more …

出会って10分で伝えるSTNSとLinuxの 認証基盤

1b838da2065660793d5b26f2cdc32de7?s=47 Kazuhiko Yamashita
August 27, 2016
Technology
1
620

出会って10分で伝えるSTNSとLinuxの 認証基盤

[KIXS Vol.000 インフラLTの祭典]にてLTしたSTNSについての資料です。

1b838da2065660793d5b26f2cdc32de7?s=128

Kazuhiko Yamashita

August 27, 2016
Tweet

More Decks by Kazuhiko Yamashita

See All by Kazuhiko Yamashita
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
4
680
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
11
7.6k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
18
4.3k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
9
11k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
2
2.1k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
3
1.3k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
1
2k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
140
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
160

Other Decks in Technology

See All in Technology
C8b3d5eaa8c8a490a1530b9b5256a2a9?s=48 kaojiri
5
2.6k
C636093440dd4a8be6416e83cb980979?s=48 iselegant
12
11k
A6005d14224831116d088d2240df1990?s=48 yoshitake_1201
0
130
58ed7368f1de80df0b380087b19a4ac1?s=48 sugarcrm
PRO
0
120
8d6c54ebb889a5fe3f77b763d563fd9f?s=48 serinuntius
0
320
4e7f712e4bba241f579d3dc0eaf130d4?s=48 mito201
0
300
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
0
120
A84b3c763c9c543069b7c02551e2720e?s=48 yuyamada
6
1.5k
3373c144fef1d3518b9b3f24a6b46ad0?s=48 lmi
1
530
325afd2c9db540c83485f509f2845acb?s=48 hiro_y
0
210
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
0
260
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
0
300

Featured

See All Featured
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
104
11k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
35
3.7k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
40
1.9k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
10
1k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
779
240k
78b475797a14c84799063c7cd073962f?s=48 holman
463
280k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
189
14k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
297
39k
24fc194843a71f10949be18d5a692682?s=48 gr2m
85
11k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
77
270k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
24
4k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
19k

Transcript

  1. QZBNB(.01&1"#0JOD ,*947PMΠϯϑϥ-5ͷࡇయ ग़ձͬͯ෼Ͱ఻͑Δ 45/4ͱ-JOVYͷ ೝূج൫

  2. IUUQTUFOTOBQPODPN γχΞɾΤϯδχΞ ࢁԼ࿨඙!QZBNB ϗεςΟϯάࣄۀ෦ϜʔϜʔυϝΠϯνʔϜ

  3. -JOVYೝূج൫ 1.

  4. -JOVYೝূج൫ 44)ϩάΠϯ Ϣʔβʔ໊  άϧʔϓ໊ʁ ύεϫʔυʁ ެ։伴ʁ

  5. -JOVYೝূج൫ w FUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT w -%"1 w .Z42-

  6. -JOVYೝূج൫ wFUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT ˠVTFSBEE HSPVQBEE w-%"1 ˠ匠͕ඞཁ w.Z42-

    ˠϢʔβʔ؅ཧʹ͸Ͱ͔͗͢Δ

  7. -JOVYೝূج൫ ੢ͷঊ ౦ͷঊ ೆͷঊ ๺ͷঊ ๭ࣾͰ͸αʔϏε͝ͱʹཚཱ͞Εͨ -%"1ΛঊͷྗΛ૯݁ूͨ͠ ಉظεΫϦϓτͰ -%"1ิ׬ܭըΛ਱ߦத -%"1͸ΞτϦϏϡʔτ͕௥Ճ͠΍͘͢൚༻ੑ͕ߴ͍ͷͰɺ

    ӡ༻͔ΒᷓΕɺཚཱ͞Εͯ͠·͍͕ͪ

  8. ͲΕ΋͠ΜͲ͍͚Ͳ ΍Βͳ͖Ό͍͚ͳ͍

  9. ଏͬΆ͍ͳ

  10. IUUQTUOTKQ

  11. 45/4 w (PMBOH w 5PNMܗࣜͷઃఆϑΝΠϧ w +40/ΠϯλʔϑΣʔεͷαʔόɾΫϥΠΞϯτ w 8SBQQFSΛࣗ༝ʹมߋͰ͖Δ ϓϥΨϒϧ

  12. 45/4

  13. ίϯηϓτ ໊લղܾɺެ։伴औಘɺΞΧ΢ϯτೝূͷΈΛఏڙ ͢Δɻଟ͘Λ΍Βͣɺγϯϓϧʹอͭ͜ͱͰ؅ཧɺ ૊Έ߹ΘͤΛ༰қʹɻ https://github.com/STNS/STNS

  14. -JOVYϢʔβʔάϧʔϓͷ໊લղܾ % ls -ltr -rw-r--r-- 1 pyama wheel 0 May

    8 00:09 hatena_pepabo.txt % ls -ltr -rw-r--r-- 1 1000 1000 0 May 8 00:09 hatena_pepabo.txt id:1000 is pyama

  15. w TVEPFST w TTIE@DPOpH "MMPX(SPVQT "MMPX6TFST  w QBNೝূ -JOVYϢʔβʔάϧʔϓͷ໊લղܾ

  16. ΞʔΩςΫνϟ STNS http(1104) ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama {

    name:pyama, id: 1000, dir:/home/pyama … } αʔόɾΫϥΠΞϯτؒ͸httpΛར༻ͨ͠ JSONܗࣜͷΠϯλʔϑΣʔε

  17. ઃఆϑΝΠϧαʔό QPSU JODMVEFFUDTUOTDPOGE  TBMU@FOBCMFUSVF TUSFUDIJOH@OVNCFS VTFSlCBTJD@VTFS QBTTXPSECBTJD@QBTTXPSE <VTFSTFYBNQMF> JE

    HSPVQ@JE LFZT<TTISTB99999ʜ> <HSPVQTFYBNQMF> JE VTFST<FYBNQMF> <TVEPFSTFYBNQMF> QBTTXPSE GEDEBGFBBDBEBCGGCCCDEEDCGB

  18. ઃఆϑΝΠϧΫϥΠΞϯτ api_end_point = ["http://<server-master>:1104", "http://<server-slave>:1104"] user = "basic_user" password =

    "basic_password" wrapper_path = "/usr/local/bin/stns-query-wrapper" chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper" ssl_verify = true LDAPͱͷڞଘ΋Մೳ

  19. XSBQQFSίϚϯυ $ stns-query-wrapper /user/name/pyama { "metadata": { "api_version": 2, "result":

    "success", "min_id": 2000 }, "items": { "pyama": { "id": 10301, "password": "", "hash_type": "", "group_id": 2000, "directory": "", "shell": "", "gecos": "", "keys": [ "ssh-rsa xxx" ], "link_users": null } }

  20. ಋೖ w SQN EFCڞʹCJU CJU൛ͷఏڙ SFQPTUOTKQ  DVSMGT4-IUUQTSFQPTUOTKQTDSJQUTZVNSFQPTIcTI ZVNJOTUBMMTUOTMJCOTTTUOTMJCQBNTUOT IUUQTHJUIVCDPN45/4TUOTDPPLCPPL

    IUUQTHJUIVCDPN45/4QVQQFUTUOT w $IFG 1VQQFUͷΫοΫϒοΫɺϚχϑΣετΛఏڙ  1VQQFUϚχϑΣετ͸!IGN͕։ൃͯ͘͠Εͨ 

  21. ಋೖ Πϯετʔϧʙ44)ެ։伴ೝূ·Ͱ෼ඵ

  22. Ϣʔβʔ؅ཧ΋(JUIVC'MPX (JUIVC&OUFSQSJTF͔ΒϢʔβʔσʔλΛ࡞੒͠ɺ1VMM3FRVFTU ࣗಈςετɾਓͷ໨ʹΑΔϨϏϡʔ σϓϩΠ

  23. ӡ༻Πϝʔδ nginx stns nginx stns /HJOYͰ44-Λऴ୺ͭͭ͠ɺ$BQJTUSBOPͳͲͷσϓϩΠπʔϧͰ TUOTDPOGΛσϓϩΠ

  24. ӡ༻Πϝʔδ nginx stns nginx stns αʔόͷTUOTDPOGΛ௚઀ฤू͠ɺ4$1΍STZODͰಉظ

  25. 45/4ϘΫ͕։ൃऀͩ͠࢖ͬͨ΄͏͕͍͍ w ൥ࡶԽͮ͠Β͍పఈͨ͠γϯϓϧ͞ w γϯϓϧ͕ނʹ֦ுੑ͕ߴ͍ w ಋೖͷख͕ؒগͳ͍ w ೔ຊޠυΩϡϝϯτͷఏڙɺ։ൃऀ͕೔ຊ࣌ؒʹ͍Δ

  26. 45/4ͰϢʔβʔ؅ཧΛ ࢝ΊΑ͏

  27. 5IBOLZPV