Upgrade to Pro — share decks privately, control downloads, hide ads and more …

出会って10分で伝えるSTNSとLinuxの 認証基盤

1b838da2065660793d5b26f2cdc32de7?s=47 Kazuhiko Yamashita
August 27, 2016
Technology
1
610

出会って10分で伝えるSTNSとLinuxの 認証基盤

[KIXS Vol.000 インフラLTの祭典]にてLTしたSTNSについての資料です。

1b838da2065660793d5b26f2cdc32de7?s=128

Kazuhiko Yamashita

August 27, 2016
Tweet

More Decks by Kazuhiko Yamashita

See All by Kazuhiko Yamashita
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
4
410
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
11
7.5k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
18
4.1k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
9
10k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
2
1.9k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
3
1.2k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
1
1.9k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
130
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
150

Other Decks in Technology

See All in Technology
6ac7c50770603b53964d44db373e8e48?s=48 willnet
12
4k
3a95702770e66754d87b824c1400054f?s=48 oliva
7
1k
991fe792d878a5ae41bdc4d0c9ee18cb?s=48 hagyyyy
0
160
Beafdc24782daf082834d6722cc97c8f?s=48 andysumi
0
160
93c80c388fe9d8f9df7d030549a0ff0b?s=48 chaspy
6
1.2k
Cc568a0b1284645f9fb927b2343eb87e?s=48 youtalk
0
310
0d29d155ce5c5a93ed46363626da3ea7?s=48 ocise
1
1.8k
04ed942e4752bcefd412a04f6380fb13?s=48 azara
1
840
E2b74c9e19b501ba31419fc6a1f8548f?s=48 hito58
1
730
Dcbf2269af2483cabf43128ad1718c11?s=48 grapecity_dev
0
130
Ff7f1f76468f46a1c5c84b9238a4b162?s=48 miyake
1
400
7c3b3366947123ba6772698b09edf4e2?s=48 subroh0508
4
220

Featured

See All Featured
78b475797a14c84799063c7cd073962f?s=48 holman
448
130k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
683
180k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
176
7.5k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
7
390
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
31
3.4k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
242
21k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
8
710
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
207
10k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1346
190k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
113
25k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
332
29k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
53
3.5k

Transcript

  1. QZBNB(.01&1"#0JOD ,*947PMΠϯϑϥ-5ͷࡇయ ग़ձͬͯ෼Ͱ఻͑Δ 45/4ͱ-JOVYͷ ೝূج൫

  2. IUUQTUFOTOBQPODPN γχΞɾΤϯδχΞ ࢁԼ࿨඙!QZBNB ϗεςΟϯάࣄۀ෦ϜʔϜʔυϝΠϯνʔϜ

  3. -JOVYೝূج൫ 1.

  4. -JOVYೝূج൫ 44)ϩάΠϯ Ϣʔβʔ໊  άϧʔϓ໊ʁ ύεϫʔυʁ ެ։伴ʁ

  5. -JOVYೝূج൫ w FUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT w -%"1 w .Z42-

  6. -JOVYೝূج൫ wFUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT ˠVTFSBEE HSPVQBEE w-%"1 ˠ匠͕ඞཁ w.Z42-

    ˠϢʔβʔ؅ཧʹ͸Ͱ͔͗͢Δ

  7. -JOVYೝূج൫ ੢ͷঊ ౦ͷঊ ೆͷঊ ๺ͷঊ ๭ࣾͰ͸αʔϏε͝ͱʹཚཱ͞Εͨ -%"1ΛঊͷྗΛ૯݁ूͨ͠ ಉظεΫϦϓτͰ -%"1ิ׬ܭըΛ਱ߦத -%"1͸ΞτϦϏϡʔτ͕௥Ճ͠΍͘͢൚༻ੑ͕ߴ͍ͷͰɺ

    ӡ༻͔ΒᷓΕɺཚཱ͞Εͯ͠·͍͕ͪ

  8. ͲΕ΋͠ΜͲ͍͚Ͳ ΍Βͳ͖Ό͍͚ͳ͍

  9. ଏͬΆ͍ͳ

  10. IUUQTUOTKQ

  11. 45/4 w (PMBOH w 5PNMܗࣜͷઃఆϑΝΠϧ w +40/ΠϯλʔϑΣʔεͷαʔόɾΫϥΠΞϯτ w 8SBQQFSΛࣗ༝ʹมߋͰ͖Δ ϓϥΨϒϧ

  12. 45/4

  13. ίϯηϓτ ໊લղܾɺެ։伴औಘɺΞΧ΢ϯτೝূͷΈΛఏڙ ͢Δɻଟ͘Λ΍Βͣɺγϯϓϧʹอͭ͜ͱͰ؅ཧɺ ૊Έ߹ΘͤΛ༰қʹɻ https://github.com/STNS/STNS

  14. -JOVYϢʔβʔάϧʔϓͷ໊લղܾ % ls -ltr -rw-r--r-- 1 pyama wheel 0 May

    8 00:09 hatena_pepabo.txt % ls -ltr -rw-r--r-- 1 1000 1000 0 May 8 00:09 hatena_pepabo.txt id:1000 is pyama

  15. w TVEPFST w TTIE@DPOpH "MMPX(SPVQT "MMPX6TFST  w QBNೝূ -JOVYϢʔβʔάϧʔϓͷ໊લղܾ

  16. ΞʔΩςΫνϟ STNS http(1104) ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama {

    name:pyama, id: 1000, dir:/home/pyama … } αʔόɾΫϥΠΞϯτؒ͸httpΛར༻ͨ͠ JSONܗࣜͷΠϯλʔϑΣʔε

  17. ઃఆϑΝΠϧαʔό QPSU JODMVEFFUDTUOTDPOGE  TBMU@FOBCMFUSVF TUSFUDIJOH@OVNCFS VTFSlCBTJD@VTFS QBTTXPSECBTJD@QBTTXPSE <VTFSTFYBNQMF> JE

    HSPVQ@JE LFZT<TTISTB99999ʜ> <HSPVQTFYBNQMF> JE VTFST<FYBNQMF> <TVEPFSTFYBNQMF> QBTTXPSE GEDEBGFBBDBEBCGGCCCDEEDCGB

  18. ઃఆϑΝΠϧΫϥΠΞϯτ api_end_point = ["http://<server-master>:1104", "http://<server-slave>:1104"] user = "basic_user" password =

    "basic_password" wrapper_path = "/usr/local/bin/stns-query-wrapper" chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper" ssl_verify = true LDAPͱͷڞଘ΋Մೳ

  19. XSBQQFSίϚϯυ $ stns-query-wrapper /user/name/pyama { "metadata": { "api_version": 2, "result":

    "success", "min_id": 2000 }, "items": { "pyama": { "id": 10301, "password": "", "hash_type": "", "group_id": 2000, "directory": "", "shell": "", "gecos": "", "keys": [ "ssh-rsa xxx" ], "link_users": null } }

  20. ಋೖ w SQN EFCڞʹCJU CJU൛ͷఏڙ SFQPTUOTKQ  DVSMGT4-IUUQTSFQPTUOTKQTDSJQUTZVNSFQPTIcTI ZVNJOTUBMMTUOTMJCOTTTUOTMJCQBNTUOT IUUQTHJUIVCDPN45/4TUOTDPPLCPPL

    IUUQTHJUIVCDPN45/4QVQQFUTUOT w $IFG 1VQQFUͷΫοΫϒοΫɺϚχϑΣετΛఏڙ  1VQQFUϚχϑΣετ͸!IGN͕։ൃͯ͘͠Εͨ 

  21. ಋೖ Πϯετʔϧʙ44)ެ։伴ೝূ·Ͱ෼ඵ

  22. Ϣʔβʔ؅ཧ΋(JUIVC'MPX (JUIVC&OUFSQSJTF͔ΒϢʔβʔσʔλΛ࡞੒͠ɺ1VMM3FRVFTU ࣗಈςετɾਓͷ໨ʹΑΔϨϏϡʔ σϓϩΠ

  23. ӡ༻Πϝʔδ nginx stns nginx stns /HJOYͰ44-Λऴ୺ͭͭ͠ɺ$BQJTUSBOPͳͲͷσϓϩΠπʔϧͰ TUOTDPOGΛσϓϩΠ

  24. ӡ༻Πϝʔδ nginx stns nginx stns αʔόͷTUOTDPOGΛ௚઀ฤू͠ɺ4$1΍STZODͰಉظ

  25. 45/4ϘΫ͕։ൃऀͩ͠࢖ͬͨ΄͏͕͍͍ w ൥ࡶԽͮ͠Β͍పఈͨ͠γϯϓϧ͞ w γϯϓϧ͕ނʹ֦ுੑ͕ߴ͍ w ಋೖͷख͕ؒগͳ͍ w ೔ຊޠυΩϡϝϯτͷఏڙɺ։ൃऀ͕೔ຊ࣌ؒʹ͍Δ

  26. 45/4ͰϢʔβʔ؅ཧΛ ࢝ΊΑ͏

  27. 5IBOLZPV