出会って10分で伝えるSTNSとLinuxの 認証基盤

1b838da2065660793d5b26f2cdc32de7?s=47 Kazuhiko Yamashita
August 27, 2016
Technology
1
580

出会って10分で伝えるSTNSとLinuxの 認証基盤

[KIXS Vol.000 インフラLTの祭典]にてLTしたSTNSについての資料です。

1b838da2065660793d5b26f2cdc32de7?s=128

Kazuhiko Yamashita

August 27, 2016
Tweet

More Decks by Kazuhiko Yamashita

See All by Kazuhiko Yamashita
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
11
7k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
18
3.9k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
9
9.5k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
2
1.8k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
3
1.1k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
1
1.7k
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
120
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
0
120
1b838da2065660793d5b26f2cdc32de7?s=48 pyama86
2
1.1k

Other Decks in Technology

See All in Technology
1cf2de2da02f94ad87a7a31038721e6c?s=48 capsmalt
1
140
Ae4ace6ba2b695fd37e4121faef66b43?s=48 katsushun89
0
170
5bbbb20da49b1f802af50b0f17a4f31f?s=48 miuranobuki
0
960
F01c8fdfa64bdfc00a94896e0b1359e0?s=48 tmdoi
0
240
Ed0857744ec644c8ec83cf04e3a1f5fd?s=48 mizushimac
0
2.3k
Cb7edd153cf503f44c727b73647558bf?s=48 tetsuroito
0
920
332f89cc697355902a817506b6995f2b?s=48 ytaka23
2
710
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
240
40301c0affdf359eaca771713e22b71a?s=48 harshbothra
0
130
8a84268593355816432ceaf78777d585?s=48 dena_tech
1
1.8k
Cbc297b07593321e52c75a9ebcc0f843?s=48 jacopen
5
650
2564c99f616f1ecfc0f617a6fe87e2a9?s=48 penguin045
0
120

Featured

See All Featured
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
4
490
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
68
3.4k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
399
20k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
282
18k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
330
29k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
83
4.6k
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
7
410
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
154
6.2k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
113
7k
E13c31390e0369fcd5972292ce0e7b92?s=48 jnunemaker
PRO
40
4.3k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
10
220
5f83ef806155b403c3393160ce51f955?s=48 jlugia
215
16k

Transcript

  1. QZBNB(.01&1"#0JOD ,*947PMΠϯϑϥ-5ͷࡇయ ग़ձͬͯ෼Ͱ఻͑Δ 45/4ͱ-JOVYͷ ೝূج൫

  2. IUUQTUFOTOBQPODPN γχΞɾΤϯδχΞ ࢁԼ࿨඙!QZBNB ϗεςΟϯάࣄۀ෦ϜʔϜʔυϝΠϯνʔϜ

  3. -JOVYೝূج൫ 1.

  4. -JOVYೝূج൫ 44)ϩάΠϯ Ϣʔβʔ໊  άϧʔϓ໊ʁ ύεϫʔυʁ ެ։伴ʁ

  5. -JOVYೝূج൫ w FUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT w -%"1 w .Z42-

  6. -JOVYೝূج൫ wFUDQBTTXE FUDHSPVQ FUDTIBEPX BVUIPSJ[FE@LFZT ˠVTFSBEE HSPVQBEE w-%"1 ˠ匠͕ඞཁ w.Z42-

    ˠϢʔβʔ؅ཧʹ͸Ͱ͔͗͢Δ

  7. -JOVYೝূج൫ ੢ͷঊ ౦ͷঊ ೆͷঊ ๺ͷঊ ๭ࣾͰ͸αʔϏε͝ͱʹཚཱ͞Εͨ -%"1ΛঊͷྗΛ૯݁ूͨ͠ ಉظεΫϦϓτͰ -%"1ิ׬ܭըΛ਱ߦத -%"1͸ΞτϦϏϡʔτ͕௥Ճ͠΍͘͢൚༻ੑ͕ߴ͍ͷͰɺ

    ӡ༻͔ΒᷓΕɺཚཱ͞Εͯ͠·͍͕ͪ

  8. ͲΕ΋͠ΜͲ͍͚Ͳ ΍Βͳ͖Ό͍͚ͳ͍

  9. ଏͬΆ͍ͳ

  10. IUUQTUOTKQ

  11. 45/4 w (PMBOH w 5PNMܗࣜͷઃఆϑΝΠϧ w +40/ΠϯλʔϑΣʔεͷαʔόɾΫϥΠΞϯτ w 8SBQQFSΛࣗ༝ʹมߋͰ͖Δ ϓϥΨϒϧ

  12. 45/4

  13. ίϯηϓτ ໊લղܾɺެ։伴औಘɺΞΧ΢ϯτೝূͷΈΛఏڙ ͢Δɻଟ͘Λ΍Βͣɺγϯϓϧʹอͭ͜ͱͰ؅ཧɺ ૊Έ߹ΘͤΛ༰қʹɻ https://github.com/STNS/STNS

  14. -JOVYϢʔβʔάϧʔϓͷ໊લղܾ % ls -ltr -rw-r--r-- 1 pyama wheel 0 May

    8 00:09 hatena_pepabo.txt % ls -ltr -rw-r--r-- 1 1000 1000 0 May 8 00:09 hatena_pepabo.txt id:1000 is pyama

  15. w TVEPFST w TTIE@DPOpH "MMPX(SPVQT "MMPX6TFST  w QBNೝূ -JOVYϢʔβʔάϧʔϓͷ໊લղܾ

  16. ΞʔΩςΫνϟ STNS http(1104) ls libnss-stns libpam-stns query-wrapper key-wrapper /user/name/pyama {

    name:pyama, id: 1000, dir:/home/pyama … } αʔόɾΫϥΠΞϯτؒ͸httpΛར༻ͨ͠ JSONܗࣜͷΠϯλʔϑΣʔε

  17. ઃఆϑΝΠϧαʔό QPSU JODMVEFFUDTUOTDPOGE  TBMU@FOBCMFUSVF TUSFUDIJOH@OVNCFS VTFSlCBTJD@VTFS QBTTXPSECBTJD@QBTTXPSE <VTFSTFYBNQMF> JE

    HSPVQ@JE LFZT<TTISTB99999ʜ> <HSPVQTFYBNQMF> JE VTFST<FYBNQMF> <TVEPFSTFYBNQMF> QBTTXPSE GEDEBGFBBDBEBCGGCCCDEEDCGB

  18. ઃఆϑΝΠϧΫϥΠΞϯτ api_end_point = ["http://<server-master>:1104", "http://<server-slave>:1104"] user = "basic_user" password =

    "basic_password" wrapper_path = "/usr/local/bin/stns-query-wrapper" chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper" ssl_verify = true LDAPͱͷڞଘ΋Մೳ

  19. XSBQQFSίϚϯυ $ stns-query-wrapper /user/name/pyama { "metadata": { "api_version": 2, "result":

    "success", "min_id": 2000 }, "items": { "pyama": { "id": 10301, "password": "", "hash_type": "", "group_id": 2000, "directory": "", "shell": "", "gecos": "", "keys": [ "ssh-rsa xxx" ], "link_users": null } }

  20. ಋೖ w SQN EFCڞʹCJU CJU൛ͷఏڙ SFQPTUOTKQ  DVSMGT4-IUUQTSFQPTUOTKQTDSJQUTZVNSFQPTIcTI ZVNJOTUBMMTUOTMJCOTTTUOTMJCQBNTUOT IUUQTHJUIVCDPN45/4TUOTDPPLCPPL

    IUUQTHJUIVCDPN45/4QVQQFUTUOT w $IFG 1VQQFUͷΫοΫϒοΫɺϚχϑΣετΛఏڙ  1VQQFUϚχϑΣετ͸!IGN͕։ൃͯ͘͠Εͨ 

  21. ಋೖ Πϯετʔϧʙ44)ެ։伴ೝূ·Ͱ෼ඵ

  22. Ϣʔβʔ؅ཧ΋(JUIVC'MPX (JUIVC&OUFSQSJTF͔ΒϢʔβʔσʔλΛ࡞੒͠ɺ1VMM3FRVFTU ࣗಈςετɾਓͷ໨ʹΑΔϨϏϡʔ σϓϩΠ

  23. ӡ༻Πϝʔδ nginx stns nginx stns /HJOYͰ44-Λऴ୺ͭͭ͠ɺ$BQJTUSBOPͳͲͷσϓϩΠπʔϧͰ TUOTDPOGΛσϓϩΠ

  24. ӡ༻Πϝʔδ nginx stns nginx stns αʔόͷTUOTDPOGΛ௚઀ฤू͠ɺ4$1΍STZODͰಉظ

  25. 45/4ϘΫ͕։ൃऀͩ͠࢖ͬͨ΄͏͕͍͍ w ൥ࡶԽͮ͠Β͍పఈͨ͠γϯϓϧ͞ w γϯϓϧ͕ނʹ֦ுੑ͕ߴ͍ w ಋೖͷख͕ؒগͳ͍ w ೔ຊޠυΩϡϝϯτͷఏڙɺ։ൃऀ͕೔ຊ࣌ؒʹ͍Δ

  26. 45/4ͰϢʔβʔ؅ཧΛ ࢝ΊΑ͏

  27. 5IBOLZPV