PAM_thing_Else

Transcript

1. ʙޒ݄Ӎɺޒ݄පɺʹΜ͡ΌΓ͹Μ͹Μ൛ʙ !QZBNB
   
   (.0
   1FQBCP
   *OD
   
   ۝भΠϯϑϥަྲྀษڧձ ,JYT
   7PM 1".
   UIJOH
   &MTF

2. IUUQTUFOTOBQPODPN νʔϑςΫχΧϧϦʔυ ࢁԼ
   ࿨඙!QZBNB ϗεςΟϯάࣄۀ෦

3. IUUQTUOTKQ

4. 1MVHHBCMF
   "VUIFOUJDBUJPO
   .PEVMF

5. ,11࠷ߴʂ͍݁ࠗͨ͠ʂ  1".֓ཁ
    ϓϥΨϒϧͳΠϯλʔϑΣʔε
    ࣗ༝ɺͦͯ͠ɺͦͷઌʹ

6. 1". $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

   nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so

7. 1". TTI 1". -%"1 45/4 FUDTIBEPX TVEP MPHJO ΞϓϦέʔγϣϯ͔Βݟͨೝূͷந৅Խ "QQMJDBUJPO

   #BDLFOE

8. 1". $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

   nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so 1".ͷઃఆ͸ύʔτͰߏ੒͞ΕΔ

9. λΠϓ $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

   nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so

10. λΠϓ λΠϓ ར༻έʔε BVUI Ϣʔβʔೝূ࣌ʹར༻ɻ-%"1΍45/4ͷར༻ͳͲ BDDPVOU ΞΧ΢ϯτͷ༗ޮظؒͱ͔ɺύεϫʔυͷมߋظؒͷϚωδϝϯτͳͲ QBTTXE ύεϫʔυͷมߋ࣌ͳͲʹɺύεϫʔυͷจࣈ਺΍ɺେจࣈখจࣈͷ
    ϙϦγʔΛ؅ཧͨ͠Γ͢Δ

    TFTTJPO ϩάΠϯޙʹσΟϨΫτϦΛ࡞੒΍5FSNJOBMϩάͷ։࢝ͳͲ

11. ੍ޚϑϥά $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

    nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so ੍ޚϑϥά͸ఆٛॱʹ্͔ΒԼ΁ධՁ͞ΕΔ

12. ੍ޚϑϥά ϑϥά ಺༰ SFRVJSFE ඞͣ੒ޭ͢Δඞཁ͕͋Δ͕ɺࣦഊͯ͠΋ॲཧ͸ܧଓ͞ΕΔɻ
    ࣦഊͨ͠৔߹ͷ໭Γ஋͸ɺ࠷ॳʹࣦഊͨ͠Ϟδϡʔϧͷ໭Γ஋͕࠾༻͞ΕΔ SFRVJTJUF ඞͣ੒ޭ͢Δඞཁ͕͋ΔɻSFRVSFEͱҟͳΓɺࣦഊ͢Δͱॲཧ͸ͦͷ࣌఺Ͱɺதஅ͢Δ TV⒏DJFOU SFRVJSFE͕ࣦഊ͍ͯ͠ͳ͍৔߹ʹɺ੒ޭ͢Δͱͦͷ࣌఺Ͱ੒ޭͱΈͳ͠ɺॲཧΛதஅ͢Δ

    PQUJPOBM ௨ৗ͸੒൱Λແࢹ͢Δ͕ɺଞͷϑϥά͕ͳ͍৔߹ɺPQUJPOBMͷ݁Ռ͕ར༻͞ΕΔ

13. ੍ޚϑϥά ϑϥά ࣦഊͨ͠৔߹ͷ
    ޙଓॲཧ ੒ޭͨ͠৔߹ͷ
    ޙଓॲཧ ੒ޭ৚݅ ࣦഊ৚݅ SFRVJSFE ܧଓ

    ܧଓ શͯ੒ޭ ҰͭͰ΋ࣦഊ SFRVJTJUF தஅ ܧଓ શͯ੒ޭ ҰͭͰ΋ࣦഊ TV⒏DJFOU ܧଓ தஅ ҰͭͰ΋੒ޭ શࣦͯഊ PQUJPOBM ܧଓ ܧଓ SFRVJSF SFRVJTJUF͕ଘ ࡏ͠ͳ͍৔߹Ͱ੒ޭ ͳ͠

14. ੍ޚϑϥά $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_fprintd.so

    auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so QBN@FOWTPͷ؀ڥม਺ಡΈࠐΈ͸੒ޭ͢Δඞཁ͕͋Δ
    
    QBN@GQSJOUETPʹΑΔࢦ໲ೝূʹ੒ޭͨ͠Βɺଈ࣌ೝূ͸੒ޭ
    
    QBN@VOJYTPʹΑΔFUDTIBEPXͷύεϫʔυೝূʹ੒ޭͨ͠Βɺଈ࣌ೝূ͸੒ޭ
    
    QBN@TVDDFFE@JGTPʹΑΓɺVJE͕Ҏ্Ͱ͋Δඞཁ͕͋Δ
    
    QBN@EFOZTPʹΑΓશͯͷೝূ͕ڋ൱͞ΕΔ

15. Ϟδϡʔϧ $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

    nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so

16. Ϟδϡʔϧ

17. QBN@VOJYTP
    OVMMPL
    USZ@pSTU@QBTT

18. QBN@VOJYTP
    OVMMPL
    USZ@pSTU@QBTT Ϟδϡʔϧ Ҿ਺

19. TP
    
    4IBSFE
    0CKFDU

20. 4IBSFE
    0CKFDU IBZTP 3VCZ
    
    IFZ 1)1
    
    IFZ  (PMBOH
    
    IFZ $MBOH
    
    IFZ  JODMVEF
    TUEJPI
    WPJE
    IBZ

    
    \
    
    
    
    
    QSJOUG )FMMP
    5BLBEBz 
    ^
    4IBSFE
    0CKFDU͸৭ʑͳݴޠ͔Β#JOEJOHͯ͠ɺ$BMM͢Δ͜ͱ͕ग़དྷΔ

21. 3VCZͷ৔߹ [ require "ffi" module Fib extend FFI::Library ffi_lib "hey.so"

    attach_function :hey end puts Fib.hay # => Hello, Takada!

22. ୤ઢMEE MEEίϚϯυͰର৅ͷόΠφϦ͕ϦϯΫ͍ͯ͠Δ
    4IBSFE
    0CKFDUΛ֬ೝ͢Δ͜ͱ͕ग़དྷ·͢ɻ
    Α͘࢖͏έʔε͸ɺύοέʔδϚωʔδϟʔͰೖΕͨ
    TP͔ΒιʔεΠϯετʔϧ͞ΕͨTPʹ࠶ϦϯΫ͢Δ
    ৔߹ͳͲʹར༻͢Δ

23. ͞Βʹ୤ઢ
    &-'ϔομ -JOVYͷඪ४όΠφϦϑΥʔϚοτͰ͋Δ&-'ͷϔομΛݟΔͱɺ
    Ͳͷϝιου͕ར༻ՄೳͰ͋Δ͔ΛݟΔ͜ͱ͕ग़དྷΔ

24. QBN@VOJYTP
    OVMMPL
    USZ@pSTU@QBTT Ϟδϡʔϧ Ҿ਺ ݺͼग़͞ΕΔϝιου͸ʁ

25. ݺͼग़͞ΕΔϝιου͸λΠϓ͝ͱʹҟͳΔ λΠϓ ϝιου BVUI QBN@TN@BVUIFOUJDBUF BDDPVOU QBN@TN@BDDU@NHNU QBTTXPSE QBN@TN@DIBVUIUPL TFTTJPO

    QBN@TN@PQFO@TFTTJPO
    QBN@TN@DMPTF@TFTTJPO 1".@&95&3/
    JOU
    QBN@TN@BVUIFOUJDBUF QBN@IBOEMF@U
    QBNI
    
    JOU
    qBHT JOU
    BSHD
    DPOTU
    DIBS
    BSHW<>
    \
    
    
    QBN@HFU@VTFS QBNI
    VTFS
    /6-- 
    
    
    JG VTFS
    
    L@OJTIJEB
    
    
    
    
    SFUVSO
    1".@"65)@&33 
    ^ OVMMPL USZ@pSTU@QBTTͷΑ͏ͳ
    Ҿ਺͸ BSHW͔ΒऔಘՄೳ

26. 1". $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so

    nullok try_first_pass account required pam_unix.so account sufficient pam_localuser.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass session optional pam_keyinit.so revoke session required pam_limits.so QBN@FOWTP͸QBN@TN@BVUIFOUJDBUF͕࣮૷͞Ε͓ͯΓɺ
    QBN@MPDBMVTFSTPʹ͸QBN@TN@BDDU@NHNU͕࣮૷͞Ε͍ͯΔ
    

27. 45/4ͷ৔߹ QBN@TUOTTP 45/4 MPHJOTVEPFUD <VTFSTFYBNQMF>
    JE
    
    
    HSPVQ@JE
    
    
    EJSFDUPSZ
    
    IPNFFYBNQMF
    QBTTXPSE
    
    ;CD&6XR-8.D7 45/4Ͱ͸MPHJO΍TVEP͔ΒBVUIλΠϓΛར༻ͯ͠ɺ
    

    ύεϫʔυೝূΛ)5514ͷ௨৴Ͱ࣮ݱ͍ͯ͠Δ HFU SFTQPOTF QBN@TN@BVUIFOUJDBUF

28. ͜ͷੈʹ͸1".ʹ࢖ΘΕΔଆͷਓؒͱ
    1".Λ࢖͏ଆͷਓ͕͍ؒΔ
    CZ
    ΞϧηʔψɾϐϠϚ

29. ࢖͏ଆʹͳΔʹ͸ wIUUQXXXMJOVYQBNPSH-JOVY1".IUNM-JOVY1".@"%(IUNM
    wఆٛ͞ΕͨαʔϏε໊ʹج͖ͮɺFUDQBNEαʔϏε໊͕ࢀর͞ΕΔ QBN@TUBSU lαʔϏε໊z
    VTFS
    TUPSF@DPOW
    TTIQBN@IBOEMF 
    ʜ
    

    QBN@BVUIFOUJDBUF TTIQBN@IBOEMF
    qBHT 
    ʜ
    QBN@FOE TTIQBN@IBOEMF
    TTIQBN@FSS 

30. 44)ͷ৔߹ɺͲͷΑ͏ʹར༻͞Ε͍ͯΔ͔ λΠϓ ϝιου ༻్ BVUI QBN@BVUIFOUJDBUF TTIEͷύεϫʔυೝূʹར༻ɻެ։伴ೝূͳͲͰ͸ར༻͍ͯ͠ͳ ͍ɻ BDDPVOU QBN@BDDU@NHNU

    TTIEͷೝূޙʹར༻ QBTTXPSE QBN@DIBVUIUPL TTIͰQUZΛ։͘ࡍʹɺBDDPVOUͰύεϫʔυͷ༗ޮظݶ͕੾Ε͍ͯ ͨ৔߹ͳͲʹར༻ TFTTJPO QBN@PQFO@TFTTJPO
    QBN@DMPTF@TFTTJPO TTIEͷηογϣϯ։ด࣌ʹར༻

31. ͨͩɺ$ݴޠͱ͔ॻ͚ͳ͍ͱɺ
    ࢖͑ͳ͍͡Όͳ͍Ͱ͔͢ʁ
    ·͋๻͸ॻ͖·͚͢Ͳɺ๻͸Ͷ

32. (PMBOH

33. HP
    CVJME
    CVJMENPEFDTIBSFE Go 1.5Ҏ߱ͳΒ͹CGOΛར༻͠ڞ༗ϥΠϒϥϦΛ࡞੒Մೳ package main /* #include <pwd.h> #include <sys/types.h>

    */ import "C" //export pam_sm_authenticate func pam_sm_authenticate(pamh *C.pam_handle_t, flags C.int, argc C.int, argv **C.char) C.int { return C.PAM_SUCCESS }

34. NSVCZ

35. NSVCZ wܰྔ3VCZ
    wόΠφϦπʔϧΛ࡞੒Ͱ͖ͨΓɺ"QBDIFɺOHJOYͷϞδϡʔϧʹ૊ΈࠐΜͩΓ ͢Δ͜ͱ͕ग़དྷΔ
    w3VCZͱͷߟ͑ํͷҧ͍ͱͯ͠ɺ3VCZ͸(FNΛར༻ͯ͠ɺݺͼग़͠ઌͷϥΠϒ ϥϦͱ֦ͯ͠ு͍͕ͯ͘͠ɺNSVCZ͸NHFNͱ͍͏࢓૊ΈͰόΠφϦͦͷ΋ͷ Λ֦ு͢Δ 3VCZ IUUQ PQFOTTM

    NSVCZ IUUQ PQFOTTM

36. IUUQRJJUBDPNVE[VSBJUFNTBDDEBBDB

37. MJCQBNNSVCZ MJCQBNNSVCZTP BVUI EFG
    BVUIFOUJDBUF VTFSOBNF
    QBTTXPSE
    
    
    VTFSOBNF
    
    bQZBNB`
    
    
    
    QBTTXPSE
    
    Q!TTXPSE
    FOE

    ೚ҙͷ3VCZεΫϦϓτΛ࣮ߦ͢Δࣄ͕Ͱ͖ΔͷͰɺ3VCZͰ࣮ݱग़དྷΔൣ ғͰࣗ༝ʹ֦ு͢Δ͜ͱ͕ग़དྷΔ
    (JU)VCɺ'BDF#PPLͷΑ͏ͳ֎෦αʔϏεͰೝূɺཁૉೝূFUDʜ

38. ·ͱΊ

39. FUDQBNE999͸೉͘͠ͳ͍

40. 1".ʹ͸·ͩ·ͩՄೳੑ͕ͨ͘͞Μ

41. -%"1
    45/4
    :VCJLFZ

42. ͜͏͍͏ೝূ໘ന͍͔΋ʁ

43. ϩάΠϯͨ͠ޙɺ
    ͜͏͍͏ࣄͰ͖ͨΒศར͔΋ʁ

44. 8SJUF
    UIF
    DPEF
    $IBOHF
    UIF
    XPSME

45. ܅΋ϖύϘͰಇ͔ͳ͍͔ʁ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU