<HTML
><HEAD
><TITLE
>pam_ldap �$B$H�(B nss_ldap �$B$r;H$C$?�(B LDAP �$BG'>Z�(B</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.54"><LINK
REL="HOME"
TITLE="LDAP Implementation HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="�$B35MW�(B"
HREF="overview.html"><LINK
REL="NEXT"
TITLE="LDAP �$B$r;H$C$?�(B Radius �$BG'>Z�(B"
HREF="radius.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Implementation HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="overview.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="radius.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="PAMNSS"
>2. pam_ldap �$B$H�(B nss_ldap �$B$r;H$C$?�(B LDAP �$BG'>Z�(B</A
></H1
><P
>�$B$3$N>O$O�(B LDAP �$B$r�(B NIS �$B$NBeMQIJ$H$7$F%f!<%6%+%&%s%H$N4IM}$K�(B
�$B;H$&J}K!$K>GE@$r9g$o$;$^$9!#$?$/$5$s$N%f!<%6%"%+%&%s%H$r4v$D$+$N�(B
�$B%[%9%H$KJ,;6$7$F;}$C$F$$$k$H!"%"%+%&%s%H@_Dj$KIT@09g$,@8$8$k$3$H$,�(B
�$B$h$/$"$j$^$9!#�(BLDAP �$B$r;H$($P!"=8CfG'>Z%7%9%F%`$r9=C[$9$k$3$H$K$h$C$F�(B
�$B%G!<%?$N=EJ#$rHr$1$?$j0l4S@-$rA}$7$?$j$9$k$3$H$,$G$-$^$9!#�(B</P
><P
>�$B8=;~E@$G$O!"%f!<%6$N%"%+%&%s%H%G!<%?$dB>$N>pJs$r�(B
�$B%M%C%H%o!<%/7PM3$G6!5k$9$k$?$a$K:G$b$h$/;H$o$l$F$$$kJ}<0$O�(B
Network Information Service (NIS) �$B$G$9!#�(BLDAP �$B$HF1MM$K!"�(BNIS �$B$b�(B
�$BCf1{%5!<%P$K�(B passwd, shadow, groups, services, hosts �$BEy!9$N�(B
�$B@_Dj%U%!%$%k$rJ]4I$7$FCV$1$k$h$&$K$9$k%5!<%S%9$G$9!#�(B
NIS �$B%5!<%P$O�(B NIS �$B%/%i%$%"%s%H$+$iLd$$9g$o$;$r<u$1$F!"�(B
�$B$3$&$7$?>pJs$rDs6!$7$^$9!#�(B</P
><P
>LDAP �$B$O�(B NIS �$B$HF1$85!G=$rDs6!$G$-!"�(B
�$B$5$i$K4v$D$+!"�(BLDAP �$B$NJ}$,M%$l$F$$$kE@$,$"$j$^$9!#0J2<$N$H$*$j$G$9!#�(B</P
><P
></P
><UL
><LI
><P
>LDAP �$B%5!<%P>e$N>pJs$O!"MF0W$KJ#?t$NMQES$KMxMQ$G$-$^$9!#$3$N�(B HOWTO �$B$G�(B
�$B35@b$7$F$$$k$h$&$K!"�(BLDAP �$B%G!<%?%Y!<%9>e$NF1$8%f!<%6%(%s%H%j$O!"EEOCD"!"�(B
�$BM9JXG[C#!"It0wL>Jm$J$I$N$h$&$JB>$N%"%W%j%1!<%7%g%s$K;H$($k$N$G!"%G!<%?�(B
�$B$N=EJ#$dL7=b$rHr$1$k$3$H$,$G$-$^$9!#�(B</P
></LI
><LI
><P
>LDAP �$B$OJ#;($J%"%/%;%9%3%s%H%m!<%k%j%9%H$r�(B
�$B%G!<%?%Y!<%9$KE,MQ$G$-$^$9!#$3$l$O%G!<%?%Y!<%9$N�(B
�$B%(%s%H%j$KBP$9$k%Q!<%_%C%7%g%s$NE,@Z$JHyD4@0$r2DG=$K$7$^$9!#�(B</P
></LI
><LI
><P
>Secure Socket Layer (SSL) �$B$rDL$9$3$H$K$h$C$F!"�(BLDAP
�$B%5!<%P$H%/%i%$%"%s%H$N4V$K%;%-%e%"$JE>Aw7PO)$r<BAu$G$-$^$9!#�(B</P
></LI
><LI
><P
>slapd �$B%l%W%j%1!<%7%g%s�(B <A
NAME="AEN115"
HREF="#FTN.AEN115"
>[1]</A
> �$B$*$h$S�(B
DNS round robin query (�$B$3$l$OK\J8=q$G$O07$$$^$;$s$,�(B)
�$B$r;H$C$F!"BQ8N>c2=%5!<%S%9$r<BAu$9$k$3$H$,$G$-$^$9�(B
(�$BLuCm!'�(BDNS round robin query �$B$OBQ8N>c2=$K$J$i$J$$$N$G$O$J$$$+!"�(B
�$B$H$$$&Js9p$,$"$C$FCx<T$K3NG'$7$?$H$3$m!"�(B
�$B!V:G=i$N�(B DNS �$B%5!<%P$X$N@\B3$,5qH]$5$l$?$H$-$KB>$N%5!<%P$X$N@\B3$r;n9T$9$k$+$O�(B
�$B%/%i%$%"%s%H$K0MB8$9$k!W$H$N2sEz$rF@$^$7$?�(B)�$B!#�(B</P
></LI
><LI
><P
>�$B%M%C%H%o!<%/>e$N%f!<%6%"%+%&%s%H$r0l2U=j$K=8$a$F$*$/$3$H$O!"�(B
�$B$R$H$D$N4IM}>l=j$+$i$?$/$5$s$N%[%9%H$N%f!<%6$rJ]<i4IM}$9$k=u$1$K$J$j$^$9�(B
(�$B$D$^$j!"�(BLDAP �$B%5!<%P$G%"%+%&%s%H$r:n@.$*$h$S:o=|$9$l$P!"�(B
�$B$=$NJQ99E@$,B(:B$K�(B LDAP �$B%/%i%$%"%s%H$+$i3hMQ$G$-$k$h$&$K$J$k$N$G$9�(B)�$B!#�(B</P
></LI
></UL
><P
>�$B$3$3$G!"�(BPluggable Authentication Module (PAM) �$B$H�(B
Name Service Switch (NSS) �$B%F%/%N%m%8$rHw$($?%7%9%F%`>e$G�(B
LDAP �$B%5!<%P$,$I$N$h$&$KG'>Z$HG'2D$N$?$a$K;H$($k$+�(B
�$B$K>GE@$r9g$o$;$k$3$H$K$7$^$9!#FC$K�(B Linux �$B%*%Z%l!<%F%#%s%0�(B
�$B%7%9%F%`$K8@5Z$9$k$D$b$j$G$9$,!"$=$N@bL@$,B>$N%*%Z%l!<%F%#%s%0�(B
�$B%7%9%F%`$KE,MQ$G$-$J$$$H$$$&$o$1$G$O$"$j$^$;$s!#�(B</P
><P
>�$B$3$3$G<h$j>e$2$k4D6-$G$O#1Bf$N�(B LDAP �$B%5!<%P$,$"$j!"$3$3$K�(B
�$B%f!<%6%"%+%&%s%H%G!<%?$,07$$$d$9$$7A<0$G3JG<$5$l$^$9!#�(BUn*x �$B%/%i%$%"%s%H�(B
�$B$O!"$3$N>pJs$r;H$C$FI8=`$N�(B Un*x �$B$NN.57$G$NG'>Z$H%j%=!<%9$KBP$9$k�(B
�$BG'2D$r9T$$$^$9!#�(B</P
><P
>�$B%/%i%$%"%s%H!?%5!<%PDL?.$K$O!"%;%-%e%"$J7PO)$bMW5a$5$l$^$9!#�(B
�$B$H$$$&$N$b!"%f!<%6%"%+%&%s%H$N%G!<%?$N$h$&$K�(B
�$B%/%j%F%#%+%k$J>pJs$O!"�(B
�$B%M%C%H%o!<%/>e$KFbMF$,L@Gr$J$^$^Aw?.$9$Y$-$G$O$J$$$+$i$G$9!#�(B
�$B$3$N%;%-%e%"$J7PO)$O�(B Secure Socket Layer �$B$K$h$C$FHw$($i$l$^$9!#�(B</P
><P
>�$B%/%i%$%"%s%HB&$G$O%-%c%C%7%e5!9=$r@-G=>e$NLdBj$+$i�(B
�$BI,MW$H$7$^$9$,!"$3$l$O�(B Name Service Caching Daemon �$B$K$h$C$F�(B
�$BHw$($k$3$H$,$G$-$^$9!#�(B</P
><P
>�$B$3$N%7%9%F%`$r9=C[$9$k$N$K;H$&%=%U%H%&%'%"$N�(B
(�$B$[$\�(B) �$B$9$Y$F$,%*!<%W%s%=!<%9$G$9!#�(B</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN124"
>2.1. �$B9=@.MWAG�(B</A
></H2
><P
>�$B$3$N@a$G$O!"G'>Z%7%9%F%`$r9=C[$9$k$?$a$K;H$o$l$k<o!9$N9=@.MWAG$r�(B
�$B35@b$7$^$9!#3FMWAG$r4JC1$K@bL@$7$F$$$-$^$9!#�(B</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN127"
>2.1.1. �$BG'>Z�(B �$B!=�(B PAM �$B$H�(B pam_ldap.so</A
></H3
><P
>Pluggable Authentication Module �$B$O!"I8=`�(B UNIX, RSA, DCE, LDAP
�$B$H$$$C$?<o!9$NG'>Z5;=Q$H�(B login, passwd, rlogin, su, ftp, ssh
�$BEy!9$N%7%9%F%`%5!<%S%9$H$NE}9g$r2DG=$K$7!"$7$+$b$3$l$i$N%5!<%S%9�(B
�$B$rJQ99$9$kI,MW$,$"$j$^$;$s!#�(B</P
><P
>�$B:G=i$O�(B Sun Solaris �$B$K<BAu$5$l$?$N$G$9$,!":#$d�(B PAM �$B$O�(B
RedHat �$B$d�(B Debian �$B$r4^$`B?$/$N�(B Linux �$B%G%#%9%H%j%S%e!<%7%g%s$G!"�(B
�$BG'>Z$NOHAH$_$NI8=`E*$J$b$N$H$J$C$F$$$^$9!#�(B
�$B$3$l$K$h$C$F6!5k$5$l$k�(B API �$B$rDL$7$F!"G'>Z$NMW5a$,%F%/%N%m%8FCM-$NF0:n�(B
(�$B$3$l$O�(B PAM �$B%b%8%e!<%k$H8F$P$l$k%i%$%V%i%j$K$h$C$F<BAu$5$l$F$$$^$9�(B) �$B$K�(B
�$B3d$jEv$F$i$l$^$9!#�(B
�$B$3$N3d$jEv$F$O�(B PAM �$B@_Dj%U%!%$%k$G9T$J$o$l$^$9!#4pK\E*$K$3$N%U%!%$%k$NCf$G!"�(B
�$B3F%5!<%S%9$KMQ$$$kG'>Z5!9=$,M?$($i$l$k$3$H$K$J$j$^$9!#�(B</P
><P
>�$B:#2s$N>l9g$O!"�(Bpam_ldap.so �$B6&M-%i%$%V%i%j$G<BAu$5$l$k�(B
pam_ldap �$B%b%8%e!<%k$K$h$C$F!"%f!<%6$H%0%k!<%W$NG'>Z$K�(B LDAP �$B%5!<%S%9$r�(B
�$B;H$($k$h$&$K$7$^$9!#�(B</P
><P
>�$BG'>Z@_Hw$rI,MW$H$9$k%5!<%S%9$O$=$l$>$l!"�(B
PAM �$B@_Dj%U%!%$%k$rDL$7$F!"0[$J$kG'>ZJ}<0$r;H$&$h$&$K�(B
�$B@_Dj$G$-$^$9!#$3$l$O$D$^$j!"�(BPAM �$B@_Dj%U%!%$%k$r;H$C$F!"�(B
�$B%f!<%6$,%j%=!<%9$X$N%"%/%;%9$rF@$k$?$a$KK~$?$5$J$/$F$O$J$i$J$$�(B
�$BMW5a;v9`$N0lMwI=$r=q$/$3$H$,$G$-$k$H$$$&0UL#$G$9!#�(B</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN133"
>2.1.2. Name Service Switch �$B$H�(B nss_ldap.so</A
></H3
><P
>�$B$$$C$?$s%f!<%6$,G'>Z$5$l$F$+$i$b!"B?$/$N%"%W%j%1!<%7%g%s$O�(B
�$B%f!<%6>pJs$X$N%"%/%;%9$rI,MW$H$7$^$9!#$3$N>pJs$OEAE}E*$K$O�(B
�$B%F%-%9%H%U%!%$%k�(B (<TT
CLASS="FILENAME"
>/etc/passwd</TT
>,
<TT
CLASS="FILENAME"
>/etc/shadow</TT
>, <TT
CLASS="FILENAME"
>/etc/group</TT
>)
�$B$KF~$l$i$l$F$$$^$9$,!"B>$N%M!<%`%5!<%S%9$K$h$C$F6!5k$9$k$3$H$b$G$-$^$9!#�(B</P
><P
>�$B?7$7$$%M!<%`%5!<%S%9�(B (�$B$?$H$($P�(B LDAP) �$B$,F3F~$5$l$k$K$D$l!"�(B
�$B$3$N$h$&$J>pJs<hF@$N<BAu$O!"�(B
(NIS �$B$d�(B DNS �$B$N$h$&$K�(B) C �$B%i%$%V%i%jFb!"$^$?$O�(B
�$B$=$N?7$7$$%M!<%`%5!<%S%9$r;H$$$?$$%"%W%j%1!<%7%g%sFb$N!"�(B
�$B$I$A$i$G$b2DG=$H$J$C$F$7$^$$$^$7$?!#�(B</P
><P
>�$B$$$:$l$K$7$F$b!"$3$&$$$C$?$3$H$O!"6&DL$NHFMQE*$J%M!<%`%5!<%S%9�(B API
�$B$r;H$C$F!"3F%F%/%N%m%8$K4p$E$/F0:n$G%5!<%S%9$+$i>pJs$rF@$k�(B
�$B%i%$%V%i%j72$K$=$l$rMW5a$9$k$3$H$K$9$l$PHr$1$i$l$^$9!#�(B</P
><P
>GNU C Library �$B$O�(B <EM
>Name Service Switch</EM
> �$B$r<BAu$7$F�(B
�$B>e5-$r2r7h$7$^$7$?!#�(B
�$B$3$l$O�(B Sun C library �$B$K5/8;$r;}$A!"�(B
�$B6&DL$N�(B API �$B$rDL$7$F<o!9$N%M!<%`%5!<%S%9$+$i>pJs$rF@$i$l$k$h$&$K�(B
�$B$9$kJ}K!$G$9!#�(B</P
><P
>NSS �$B$O6&DL$N�(B API �$B$H@_Dj%U%!%$%k�(B
(<TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
>) �$B$r;HMQ$7$^$9!#�(B
�$B$3$N@_Dj%U%!%$%kFb$G!"%5%]!<%H$9$k%G!<%?%Y!<%9Kh$K!"�(B
�$B$=$N%5!<%S%9$rDs6!$9$k%i%$%V%i%j$r;XDj$7$^$9!#�(B</P
><P
>�$B8=:_�(B NSS �$B$K$h$C$F%5%]!<%H$5$l$F$$$k�(B <A
NAME="AEN146"
HREF="#FTN.AEN146"
>[2]</A
>
�$B%G!<%?%Y!<%9$O�(B �$B!=�(B</P
><P
></P
><UL
><LI
><P
>aliases �$B!=�(B �$B%a!<%k%(%$%j%"%9!#�(B</P
></LI
><LI
><P
>ethers �$B!=�(B �$B%$!<%5%M%C%H$NHV9f$N%G!<%?!#�(B</P
></LI
><LI
><P
>group �$B!=�(B �$B%f!<%6$N%0%k!<%W!#�(B</P
></LI
><LI
><P
>hosts �$B!=�(B �$B%[%9%H$NL>A0$HHV9f$N%G!<%?!#�(B</P
></LI
><LI
><P
>netgroup �$B!=�(B �$B%M%C%H%o!<%/A4BN$N%[%9%H$H%f!<%6$N0lMw!#�(B</P
></LI
><LI
><P
>network �$B!=�(B �$B%M%C%H%o!<%/$K4X$9$kL>A0$HHV9f$N%G!<%?!#�(B</P
></LI
><LI
><P
>protocols �$B!=�(B �$B%M%C%H%o!<%/$N%W%m%H%3%k!#�(B</P
></LI
><LI
><P
>passwd �$B!=�(B �$B%f!<%6$N%Q%9%o!<%I!#�(B</P
></LI
><LI
><P
>rpc �$B!=�(B Remote Procedure Call �$B$K4X$9$kL>A0$HHV9f$N%G!<%?!#�(B</P
></LI
><LI
><P
>services �$B!=�(B �$B%M%C%H%o!<%/%5!<%S%9!#�(B</P
></LI
><LI
><P
>shadow �$B!=�(B �$B%f!<%6$N%7%c%I%&%Q%9%o!<%I!#�(B</P
></LI
></UL
><P
>nss_ldap �$B6&M-%i%$%V%i%j$r;H$($P!"�(BLDAP �$B$rMQ$$$F>e5-$N3d$jEv$F$r�(B
�$B<BAu$9$k$3$H$,$G$-$^$9!#$[$s$H$&$O>e5-$9$Y$F$N3d$jEv$F$,<BAu$G$-$k$N$G$9�(B
�$B$1$l$I$b!"$3$3$G$O�(B shadow, passwd, group �$B%G!<%?%Y!<%9$N�(B LDAP �$B<BAu�(B
�$B$K$N$_>GE@$r9g$o$;$k$3$H$K$7$^$9!#�(B</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN172"
>2.1.3. Lightweight Directory Access Protocol</A
></H3
><P
>�$B:#2s$N%"%W%j%1!<%7%g%s$G$O!"%f!<%6%"%+%&%s%H$H�(B
�$B%f!<%6%0%k!<%W$K4X$9$k>pJs$r%/%i%$%"%s%H$K6!5k$9$k$?$a$K�(B LDAP �$B$,;HMQ$5$l$^$9!#�(B
�$B%f!<%6$H%0%k!<%W$rI=$o$9$N$KMQ$$$i$l$kI8=`E*$J�(B objectclass �$B$O�(B
top, posixAccount, shadowAccount, posixGroup �$B$G$9!#�(B</P
><P
>�$B%G!<%?%Y!<%9>e$N%f!<%64XO"$N%(%s%H%j$O>/$J$/$H$b�(B <A
NAME="AEN176"
HREF="#FTN.AEN176"
>[3]</A
> top, posixAccount, shadowAccount �$B$N�(B objectclass
�$B$KB0$7$F$$$J$/$F$O$J$j$^$;$s!#%0%k!<%W%(%s%H%j$O�(B top �$B$H�(B posixGroup
�$B$N�(B objectclass �$B$KB0$7$F$$$J$/$F$O$J$j$^$;$s!#�(B</P
><P
>�$B:#2sMxMQ$9$k�(B pam_ldap �$B$H�(B nss_ldap �$B$N<BAu$,$3$N�(B objectclass
�$B$r;2>H$9$k$+$i$G$9!#$3$N�(B objectclass �$B$O�(B RFC 2307 �$B$K5-=R$5$l$F$$$k$b$N$G$9!#�(B</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>�$B<B:]$K$O!"�(BLDAP �$BHG�(B NSS �$B$O$3$3$GNc<($7$J$+$C$?�(B objectclass
�$B$bG'<1$7$^$9!#�(B</P
></BLOCKQUOTE
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN181"
>2.1.4. Name Service Caching Daemon</A
></H3
><P
>Name Service Caching Daemon (NSCD) �$B$O%M!<%`%5!<%S%9$K$h$k�(B
�$BL>A02r7h$N7k2L$r%-%c%C%7%e$9$k$?$a$K;H$o$l!"�(B
NSS �$B$K$h$C$FDs6!$5$l$k%5!<%S%9$N@-G=$r8~>e$G$-$^$9!#�(B</P
><P
>�$B%/%i%$%"%s%HB&$,5vMF$G$-$k@-G=$rF@$k$?$a$K!"�(B
passwd �$B%(%s%H%j$N$?$a$KBg$-$J%-%c%C%7%e$r@_Dj$7$J$/$F$O$J$j$^$;$s!#�(B</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN185"
>2.1.5. Secure Socket Layer</A
></H3
><P
>�$B>\:Y$K$D$$$F$O�(B <A
HREF="ssl.html"
>Section 10</A
> �$B$r;2>H$7$F$/$@$5$$!#�(B</P
><P
>LDAP �$B%5!<%P$H%/%i%$%"%s%H%i%$%V%i%j�(B (pam_ldap.so �$B$d�(B nss_ldap.so)
�$B4V$NDL?.$K$O�(B SSL �$B$,I,MW$G$9!#=EMW$J%G!<%?!"�(B
�$B$?$H$($P%Q%9%o!<%I%(%s%H%j$J$I$O!"%/%i%$%"%s%H$H%5!<%P$H$N4V$G�(B
�$B0E9f2=$5$l$F$$$kI,MW$,$"$k$+$i$G$9!#�(BSSL �$B$O$^$?!"%/%i%$%"%s%H$,%5!<%P$r�(B
�$BFCDj$9$k$3$H$r2DG=$K$7$^$9$+$i!"$3$l$K$h$C$F!"IT3N$+$J>pJs8;$+$i�(B
�$BG'>Z>pJs$rF@$k$H$$$&$3$H$rHr$1$i$l$^$9!#�(B</P
><P
>�$B%/%i%$%"%s%HG'>Z�(B (�$B%5!<%P$,%/%i%$%"%s%H$r<1JL$9$k5!G=�(B)
�$B$O8=:_$N�(B pam_ldap �$B$*$h$S�(B nss_ldap �$B%b%8%e!<%k$N<BAu$G$O�(B
�$B%5%]!<%H$5$l$F$$$^$;$s!#$-$C$HM-MQ$J$N$G$7$g$&$1$l$I$b!#�(B</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN191"
>2.2. �$BG'>Z%7%9%F%`$N9=C[�(B</A
></H2
><P
>�$B$3$N>O$G$O!"A0>O$K5-$5$l$F$$$k9=@.MWAG$rMQ$$$?G'>Z%7%9%F%`$r�(B
�$B9=C[$9$k$?$a$KI,MW$J<j=g$r@bL@$7$^$9!#�(B</P
><DIV
CLASS="FIGURE"
><P
><B
>Figure 1. PAM �$B$NG[CV?^�(B</B
></P
><DIV
CLASS="MEDIAOBJECT"
><P
><IMG
SRC="PAMlayout.gif"
ALT="PAM �$B$N;kE@$+$i8+$?!"G'>Z%7%9%F%`3FIt$N4V$N4X78�(B
"
></IMG
></P
></DIV
></DIV
><DIV
CLASS="FIGURE"
><P
><B
>Figure 2. NSS �$B$NG[CV?^�(B</B
></P
><DIV
CLASS="MEDIAOBJECT"
><P
><IMG
SRC="NSSlayout.gif"
ALT="NSS �$B$N4QE@$+$i$N!"G'>Z%7%9%F%`$N3FIt4V$N4X78�(B
"
></IMG
></P
></DIV
></DIV
><P
>�$B$3$NG[CV?^$O!"<+J,$G<BAu$9$k$K$O$H$F$bJ#;($K�(B
�$B8+$($k$+$b$7$l$^$;$s!#$1$l$I$b$[$H$s$I$NMWAG$O$9$G$K�(B Linux
�$B$N%7%9%F%`Fb$KF~$C$F$7$^$C$F$$$^$9!#�(B</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN209"
>2.2.1. �$B%5!<%PB&�(B</A
></H3
><P
>�$B%5!<%PB&$K$*$$$F$O!"�(BLDAP �$B%5!<%P$,%$%s%9%H!<%k$5$l!"$+$D�(B
�$B@_Dj$5$l$F$$$J$/$F$O$J$j$^$;$s!#$3$3$G;H$&�(B LDAP �$B%5!<%P$O�(B OpenLDAP �$B$H$$$&�(B
�$B%*!<%W%s%=!<%9$N�(B LDAP �$B%D!<%k%-%C%H$G!"�(BLDAP �$B%5!<%P�(B (slapd) �$B$H�(B
�$B%i%$%V%i%j$H%f!<%F%#%j%F%#$r4^$s$G$$$^$9!#�(B</P
><P
>�$B8=;~E@$N�(B OpenLDAP �$B$K$O�(B LDAP �$B$N<BAu$,$U$?$D$"$j$^$9!#�(B
V2 �$B$N<BAu�(B (OpenLDAP 1.2.x) �$B$H�(B V3 �$B$N<BAu�(B (OpenLDAP 2.0.x) �$B$G$9!#�(B</P
><P
>V3 �$B$N<BAu$OK\BN$G�(B SSL �$B5!G=$rDs6!$7$^$9$,!"�(BV2 �$B$ODs6!$7$^$;$s!#�(B
�$B$H$O$$$(!"�(BV2 �$B$N%5!<%P$K$b�(B SSL �$B%i%C%Q$r;H$($k$N$G�(B SSL �$B5!G=$rDI2C$G$-$^$9�(B
(<A
HREF="ssl.html"
>Section 10</A
> �$B$r;2>H�(B)�$B!#�(B</P
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN215"
>2.2.1.1. OpenLDAP �$B$N%$%s%9%H!<%k$H@_Dj�(B</A
></H4
><P
>LDAP �$B$N%$%s%9%H!<%k$H@_Dj$N<j=g$O!"�(B
LDAP-HOWTO �$B$r;29M$K$G$-$^$9!#�(B</P
><P
>slapd �$B$,E,@Z$K@_Dj$5$l$?$i!"�(B
�$B%G!<%?%Y!<%9$N=i4|@8@.$N$?$a$K%G!<%?$rF~$l$kI,MW$,$"$j$^$9!#�(B
�$B$=$3$G!"�(BLDIF (LDAP Data Interchange Format) �$B%U%!%$%k$r�(B
�$B:n$i$J$/$F$O$J$j$^$;$s!#$3$l$O%F%-%9%H%U%!%$%k$G!"�(B
�$B0J2<$N%3%^%s%I$K$h$C$F�(B LDAP �$B%G!<%?%Y!<%9$K%$%s%]!<%H$5$l$^$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>#ldif2ldbm -i your_file.ldif </PRE
></FONT
></TD
></TR
></TABLE
></P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>ldif2ldbm �$B$O�(B OpenLDAP 1.2.x �$B%Q%C%1!<%8$G�(B
�$BDs6!$5$l$k$N$G!"�(BOpenLDAP 2.0.x �$B$r;H$&$N$G$"$l$P�(B
<TT
CLASS="FILENAME"
>ldapadd</TT
> �$B%3%^%s%I$r�(B (�$B%5!<%P5/F08e$K�(B) �$B;H$&$Y$-$G$9�(B
(�$BLuCm!'�(B2.0.x �$B$G�(B ldif2ldbm �$B$KAjEv$9$k$N$O�(B slapadd �$B$@$H$$$&;XE&$r�(B
�$B0pCOMM$+$i$$$?$@$-$^$7$?!#%5!<%PDd;_Cf$K�(B <B
CLASS="COMMAND"
>slapadd -l your_file.ldif</B
>�$B$H$9$kJ}$,B.$/$F4JC1$i$7$$$G$9�(B)�$B!#�(B</P
></BLOCKQUOTE
></DIV
><P
>OpenLDAP 2.0.x (LDAPv3) �$B$r;H$&$N$G$"$l$P!"I8=`E*$J�(B NIS �$B%9%-!<%^$,�(B
<TT
CLASS="FILENAME"
>/etc/openldap/schema/nis.schema</TT
> �$B$H$$$&%U%!%$%k$K�(B
�$BF~$C$F$$$^$9$+$i!"$=$l$r<+J,$N�(B <TT
CLASS="FILENAME"
>slapd.conf</TT
> �$B$G�(B
include �$B%G%#%l%/%F%#%V$K$h$C$F%9%-!<%^$rM-8z$K$7$F$/$@$5$$!#�(B</P
><P
>�$B0J2<$K�(B LDIF �$B%U%!%$%k$N:G$b4JC1$JNc$r5s$2$^$9!#�(B
�$B3F%(%s%H%j$O6u9T$GJ,$1$i$l$F$$$^$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>dn:dc=yourorg, dc=com
objectclass: top
objectclass: organizationalUnit
dn:ou=groups, dc=yourorg, dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups
dn:ou=people, dc=yourorg, dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
dn: cn=Giuseppe LoBiondo, ou=people, dc=yourorg, dc=com
cn: Giuseppe Lo Biondo
sn: Lo Biondo
objectclass: top
objectclass: person
objectclass: posixAccount
objectclass: shadowAccount
uid:giuseppe
userpassword:{crypt}$1$ss2ii(0$gbs*do&@=)eksd
uidnumber:104
gidnumber:100
gecos:Giuseppe Lo Biondo
loginShell:/bin/zsh
homeDirectory: /home/giuseppe
shadowLastChange:10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
dn: cn=mygroup, ou=groups, dc=yourorg, dc=com
objectclass: top
objectclass: posixGroup
cn: mygroup
gidnumber: 100
memberuid: giuseppe
memberuid: anotheruser</PRE
></FONT
></TD
></TR
></TABLE
></P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>�$BD92a$.$k9T$O<!$N9T$r%?%V$+%9%Z!<%9�(B (�$B$$$:$l$+$r$R$H$D$@$1�(B) �$B$G;O$a$F�(B
�$BB3$1$i$l$k$3$H$r3P$($F$*$$$F$/$@$5$$!#$3$l$OB>$N�(B LDIF �$B=q<0$N%U%!%$%k�(B
�$B$K$bEv$F$O$^$j$^$9!#�(B</P
></BLOCKQUOTE
></DIV
><P
>�$B$3$3$G$O2<ItAH?%$rFs$D;}$DAH?%$H$7$F!"�(BDN �$B$rDj5A$7$^$7$?!#�(B
<EM
>dc=yourorg, dc=com</EM
>
�$B$H$$$&AH?%$H$7$FDj5A$7$^$7$?$,!"$=$N2<$K!"$U$?$D$NAH?%%5%V%f%K%C%H�(B �$B!=�(B
people �$B$H�(B groups �$B!=�(B �$B$,4^$^$l$F$$$^$9!#$=$7$F%f!<%6$O!"�(Bpeople �$BAH?%%f%K%C%H�(B
�$B$H!"�(Bgroups �$BAH?%%f%K%C%H2<$N%0%k!<%W�(B (�$B$N$&$A!"%f!<%6$,=jB0$7$F$$$k$b$N!#�(B
�$BLuCm!'�(Bgiuseppe �$B$N>l9g$O�(B mygroup) �$B$H$K=jB0$9$k$h$&5-=R$5$l$F$$$^$9!#�(B</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>�$B4{B8$N%G!<%?%Y!<%9$r�(B LDIF �$B=q<0$KJQ49$9$k�(B
�$BJXMx$J%D!<%k$,�(B PADL �$B$K$h$C$FDs6!$5$l$F$$$^$9!#$3$l$O�(B<A
HREF="ftp://ftp.padl.com/pub/MigrationTools.tar.gz"
TARGET="_top"
>ftp://ftp.padl.com/pub/MigrationTools.tar.gz</A
>
�$B$H$$$&%"%I%l%9$K$"$j$^$9!#�(B</P
></BLOCKQUOTE
></DIV
><P
>LDIF �$B%U%!%$%k$O!"%5!<%P$,F0:n$7$F$$$J$$$H$-$K�(B
�$B%$%s%]!<%H$7$J$/$F$O$J$j$^$;$s!#�(Bldif2ldbm �$B%3%^%s%I$O�(B LDAP
�$B%5!<%P$rDL$5$:$KD>@\%G!<%?%Y!<%9$r9=C[$9$k$+$i$G$9!#�(B
LDIF �$B%U%!%$%k$r%G!<%?%Y!<%9$K%$%s%]!<%H$9$l$P!"�(B
�$B%5!<%P$r5/F0$G$-$^$9!#�(B</P
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN239"
>2.2.2. �$B%/%i%$%"%s%HB&�(B</A
></H3
><P
>�$B%/%i%$%"%s%HB&$K$O�(B pam_ldap.so �$B$H�(B nss_ldap.so
�$B$,I,?\$G!"$=$l$i$O�(B Netscape LDAP Library (Mozilla)
�$B$r;H$C$F%3%s%Q%$%k$5$l$F$$$J$/$F$O$J$j$^$;$s!#�(B
�$B$=$N%i%$%V%i%j$,6!5k$9$k�(B LDAPS (LDAP over SSL) �$B$N�(B API
�$B$,MW5a$5$l$k$+$i$G$9!#$=$N%i%$%V%i%j$O%P%$%J%j%Q%C%1!<%8$G�(B
Netscape One License �$B$N$b$H$KG[I[$5$l$F$*$j!"%*!<%W%s%=!<%9�(B
�$B$G$O$"$j$^$;$s�(B (�$B$H$O$$$(%Q%V%j%C%/%I%a%$%s$G$O$"$j$^$9�(B)�$B!#�(B</P
><P
>�$B$=$N%Q%C%1!<%8$r!"$?$H$($P�(B <TT
CLASS="FILENAME"
>/usr/local/ldapsdk</TT
>
�$B$H$$$&%G%#%l%/%H%jFb$KE83+$7$F$/$@$5$$!#�(B</P
><P
>�$B$5$i$K!"%/%i%$%"%s%H%i%$%V%i%j$O>ZL@%G!<%?%Y!<%9$K%"%/%;%9$G$-�(B
�$B$J$/$F$O$J$j$^$;$s!#$3$N%G!<%?%Y!<%9$K$O�(B LDAP (stunnel) �$B%5!<%P>ZL@=q$H!"�(B
�$B$=$N%5!<%P>ZL@=q$K�(B (�$B!V?.MQ:Q$_�(B <trusted>�$B!W$H$7$F�(B) �$B=pL>$7$?�(B CA �$B$N�(B
CA �$B>ZL@=q$H$,4^$^$l$F$$$J$1$l$P$J$j$^$;$s!#�(B</P
><P
>�$B>ZL@%G!<%?%Y!<%9$O�(B Netscape �$B$N=q<0$N$b$N$G$J$1$l$P$J$j$^$;$s!#�(B
pam_ldap �$B$H�(B nss_ldap �$B$r%3%s%Q%$%k$9$k$?$a$K;H$o$l$F$$$k�(B Mozilla LDAP API
�$B$,�(B Netscape �$B$N=q<0$N>ZL@%G!<%?%Y!<%9$r;H$&$+$i$G$9!#�(B</P
><P
>�$B$=$N$h$&$J>ZL@%G!<%?%Y!<%9$r07$&$K$O!"�(BNetscape
�$B$,Ds6!$7$F$$$k�(B PKCS#11 �$B%Q%C%1!<%8Fb$K$"$k�(B certutil
�$B$H$$$&%f!<%F%#%j%F%#$r;H$&$N$,JXMx$G$9�(B
<A
NAME="AEN247"
HREF="#FTN.AEN247"
>[4]</A
>�$B!#�(B</P
><P
>LDAP �$B%/%i%$%"%s%H$N<gMW$J@_Dj%U%!%$%k$O�(B
<TT
CLASS="FILENAME"
>/etc/ldap.conf</TT
> �$B$G$9!#�(B</P
><P
>�$B$b$7�(B nss_ldap �$B$r;H$&$N$G$"$l$P!"87L)$K$O�(B pam_ldap �$B$N;HMQ$OI,MW$J$$$N$@�(B
�$B$H$$$&$3$H$r3P$($F$*$$$F$/$@$5$$!#�(B</P
><P
>�$B$=$N$+$o$j$K�(B pam_unix_auth �$B%b%8%e!<%k$r;H$($^$9!#�(B
�$B$J$<$J$i�(B nss_ldap �$B$O$"$i$f$k�(B getpw* �$B$*$h$S�(B getsh* �$B%3!<%k$r�(B LDAP �$B;2>H$K3dEv$F!"�(B
pam_unix_auth �$B$O%f!<%6G'>Z$K$3$N%3!<%k$rMxMQ$9$k$+$i$G$9!#�(B
(�$BLuCm!'$3$3$K$D$$$F!"Cx<T$N�(B Roel van Meer �$BMM$+$i$NCm0U$r$$$?$@$-$^$7$?!#�(B
�$BH`$O$=$NCf$G!"�(BPAM �$B$,G'>Z$K$N$_;H$o$l$k$3$H$H!"�(B
PAM �$B$,�(B NSS �$B%i%$%V%i%j$G$O$J$/�(BPAM �$B%i%$%V%i%j$+$i>pJs$rF@$k$3$H$r;XE&$7!"�(B
�$B!VG'>Z!W$K$O�(B pam_ldap �$B%b%8%e!<%k$,I,MW$@!"$H$*$C$7$c$C$F$$$^$7$?!#�(B
�$B=$@5$5$l$k$O$:$J$N$G!"@53N$J>pJs$O86J8$N:G?7HG$K$"$?$C$F$/$@$5$$!#�(B)</P
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN253"
>2.2.2.1. PAM LDAP �$B$N%$%s%9%H!<%k$H@_Dj�(B</A
></H4
><P
>pam_ldap �$B$r%3%s%Q%$%k$7$F%$%s%9%H!<%k$9$k$K$O!"�(B
�$B0J2<$N$h$&$K$7$F$/$@$5$$!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>$ ./configure --with-ldap-lib=netscape4 --with-ldap-dir=/usr/local/ldapsdk
$ make
# make install</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>configure �$B$N�(B --with-ldap-lib �$B%*%W%7%g%s$O!"�(B
�$B$I$N�(B LDAP �$B%i%$%V%i%j$r;H$*$&$H$7$F$$$k$+$r;XDj$7$^$9!#�(B</P
><P
>--with-ldap-dir �$B%*%W%7%g%s$O!"$I$3$K�(B Netscape ldapsdk
�$B%D!<%k%-%C%H$r%$%s%9%H!<%k$7$F$"$k$N$+$r;XDj$7$^$9!#�(B</P
><P
>�$B$3$l$K$h$C$F�(B <TT
CLASS="FILENAME"
>/lib/security/pam_ldap.so.1</TT
>
�$B$H3F<o%7%s%\%j%C%/%j%s%/$,%$%s%9%H!<%k$5$l$^$9!#�(B</P
><P
>PAM �$B$,?7$7$$G'>Z%7%9%F%`$K%"%/%;%9$G$-$k$h$&$K!"�(B
�$BE,@Z$K@_Dj$5$l$J$/$F$O$$$1$^$;$s!#�(BPAM �$B@_Dj%U%!%$%k$O�(B
<TT
CLASS="FILENAME"
>/etc/pam.d</TT
> �$B$H$$$&%G%#%l%/%H%j$KG[CV$5$l!"�(B
�$BG'>Z$,6!5k$5$l$k%5!<%S%9L>$K$7$?$,$C$FL>IU$1$i$l$F$$$^$9!#�(B</P
><P
>�$B$?$H$($P0J2<$O�(B login �$B%5!<%S%9$N$?$a$N�(B PAM �$B@_Dj%U%!%$%k�(B
(<TT
CLASS="FILENAME"
>login</TT
> �$B$H$$$&L>A0$N%U%!%$%k�(B) �$B$G$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_unix_passwd.so use_first_pass md5 shadow
session required /lib/security/pam_unix_session.so</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>PAM �$B$G;H$&I8=`E*$J�(B PAM �$B@_Dj%U%!%$%k$O�(B pam_ldap �$B$N%=!<%9$N�(B
<TT
CLASS="FILENAME"
>pam_ldap-(�$B%P!<%8%g%s�(B)/pam.d</TT
> �$B$H$$$&%G%#%l%/%H%j�(B
�$B$NCf$K$"$j$^$9!#�(B</P
><P
>�$B$3$NI8=`E*$J%U%!%$%k$O�(B <TT
CLASS="FILENAME"
>/etc/pam.d</TT
> �$B%G%#%l%/%H%j$NCf$K�(B
�$B%3%T!<$G$-$^$9!#$b$72?$+$*$+$7$J$3$H$r$7$F$7$^$&$H!"$*$=$i$/:F$S%m%0%$%s�(B
�$B$G$-$J$/$J$C$F$7$^$&$N$G!"$3$NA`:n$r$9$k;~$OCm0U?<$/9T$C$F$/$@$5$$!#�(B
�$B?7$7$$%U%!%$%k$r%$%s%9%H!<%k$9$kA0$K�(B
<TT
CLASS="FILENAME"
>/etc/pam.d</TT
> �$B$N%P%C%/%"%C%W$r$H$C$F$*$-!"�(B
�$B$=$l$rI|5"$5$;$k8"8B$N$"$k%7%'%k$r3+$$$?$^$^$K$7$F$*$/$3$H$r$*4+$a$7$^$9!#�(B</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>�$B$=$N%5%s%W%k$N�(B <TT
CLASS="FILENAME"
>pam.d</TT
> �$B%G%#%l%/%H%j$K$O�(B
<TT
CLASS="FILENAME"
>sshd</TT
> �$B$H$$$&%U%!%$%k$,$"$j$^$;$s!#$=$N$?$a!"�(B
�$B$=$l$r:n@.$7$J$1$l$P!"�(Bpam �$B$r;H$&�(B ssh �$B$r2p$7$F%m%0%$%s�(B
�$B$G$-$^$;$s�(B (OpenSSH �$B$O�(B PAM �$B$r;HMQ$7$^$9�(B)�$B!#�(B</P
></BLOCKQUOTE
></DIV
></DIV
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN277"
>2.2.2.2. NSS LDAP �$B$N%$%s%9%H!<%k$H@_Dj�(B</A
></H4
><P
>�$B%=!<%9$rE83+$7$F$+$i!"�(BMakefile
�$B$r3NG'$7$F$/$@$5$$!#$[$H$s$I$N@_DjFbMF$KBP$7$F$OJT=8$NI,MW$O$"$j$^$;$s!#�(B
�$B$H$O$$$(!"�(BSSL �$B$r;H$$$?$$$N$G$"$l$P�(B SSL �$BBP1~$N�(B LDAP
�$B%i%$%V%i%j�(B �$B!=�(B �$B$?$H$($P�(B Netscape �$B$N$b$N�(B �$B!=�(B �$B$r%j%s%/$7$J$/$F$O$J$j$^$;$s!#�(B</P
><P
>LDAP �$B$N�(B SDK �$B$,�(B <TT
CLASS="FILENAME"
>/usr/local/ldapsdk</TT
>
�$BFb$K$"$k$H$9$l$P!"�(BSSL �$B$rM-8z$K$9$k$K$O!"�(BMakefile �$B$r=$@5$7$J$1$l$P$J$j$^$;$s!#�(B
�$B$=$N=$@5FbMF$O!"�(B<TT
CLASS="FILENAME"
>Makefile.linux.mozilla</TT
>
�$BFb$G�(B NSFLAGS �$B$rC5$7$F!"%3%a%s%H$K$J$C$F$$$k�(B -DSSL �$B$rM-8z$K$9$k$3$H$G$9!#�(B</P
><P
>�$B$5$i$K�(B LIBS �$B$NDj5A$r8+$F!"$=$N%U%!%$%kFb$G;XDj$5$l$F$$$k�(B
ldapssl �$B%i%$%V%i%j$,!"<+J,$N%$%s%9%H!<%k$7$F$"$k$b$N$HF1$8$+$I$&$+�(B
�$B$r3NG'$7$F$/$@$5$$�(B (ldap_nss.so �$B$O�(B libldapssl40 �$B$H�(B libldapssl30
�$B$NN>J}$K%j%s%/$7$F%3%s%Q%$%k$5$l$^$9�(B)�$B!#�(B</P
><P
>�$B$=$N8e!"%i%$%V%i%j$r%$%s%9%H!<%k$G$-$^$9�(B �$B!=�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>$ make -f Makefile.linux.mozilla
# make -f Makefile.linux.mozilla install
#ldconfig </PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B$3$l$K$h$C$F�(B <TT
CLASS="FILENAME"
>/lib/libnss_ldap.so</TT
>
�$B$,%$%s%9%H!<%k$5$l$^$9!#$3$l$,�(B nss_ldap �$B%i%$%V%i%j$G$9!#�(B
�$B$=$7$F�(B <TT
CLASS="FILENAME"
>/etc/nsswitch.ldap</TT
>
�$B$H�(B <TT
CLASS="FILENAME"
>/etc/ldap.conf</TT
>
�$B$H$,$^$@B8:_$7$F$J$$>l9g$K$O!"%5%s%W%k$N@_Dj%U%!%$%k$H$7$F%$%s%9%H!<%k$5$l$^$9!#�(B</P
><P
>�$B%$%s%9%H!<%k$7$?$i!"$=$N�(B NSS �$B@_Dj%U%!%$%k�(B
<TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
> �$B$rJT=8$7$J$/$F$O$J$j$^$;$s!#�(B
LDAP �$B$O$"$i$f$k%5!<%S%9$KMQ$$$k$3$H$,$G$-$k$N$G$9$,!":#2s$O�(B passwd,
group, shadow �$B$K$N$_;HMQ$7$^$9!#$3$N>l9g!"@_Dj%U%!%$%k$NKAF,$K�(B
�$B0J2<$N$h$&$J$3$H$r=q$$$F$*$/$Y$-$G$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
passwd: files ldap
group: files ldap
shadow: files ldap</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B$3$N@_Dj$@$H%(%s%H%j$O!"$^$:%7%9%F%`%U%!%$%kFb$GC5$5$l$F!"�(B
�$BCM$,JV$C$F$3$J$+$C$?$J$i�(B LDAP �$B%5!<%P$KLd$$9g$o$;$i$l$^$9!#�(B</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>LDAP �$B$r�(B DNS �$BLd$$9g$o$;$N%P%C%/%(%s%I�(B
�$B$H$7$F;H$&$H$-$K$OCm0U$7$F$/$@$5$$!#�(BDNS �$B$,$=$N%5!<%P$N%[%9%HL>$r�(B
�$B2r7h$G$-$J$$$H!"L58B%k!<%W$KF~$C$F$7$^$&$N$G$9!#�(B
�$B$J$<$J$i�(B libldap �$B<+BN$,�(B gethostbyname() �$B$r%3!<%k$9$k$+$i$G$9!#�(B
(nsswitch.ldap �$BFb$N5-=R$h$j�(B)</P
></BLOCKQUOTE
></DIV
></DIV
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN298"
>2.2.2.3. NSCD �$B$N@_Dj�(B</A
></H4
><P
>NSCD �$B$OB?$/$N�(B Linux �$B%G%#%9%H%j%S%e!<%7%g%s$K$O�(B
�$B:G=i$+$iF~$C$F$$$^$9!#F~$C$F$$$J$/$F$b�(B GNU C �$B%i%$%V%i%j$N�(B
�$B%Q%C%1!<%8Fb$K$"$j$^$9!#�(B</P
><P
>NSCD �$B$N@_Dj%U%!%$%k$O�(B <TT
CLASS="FILENAME"
>/etc/nscd.conf</TT
>
�$B$G$9!#3F9T$OB0@-$HCM!"$^$?$OB0@-$H%-%c%C%7%eL>$HCM$N$$$:$l$+$r;XDj$7$^$9!#�(B
�$B$=$l$>$l$N%U%#!<%k%I$O%9%Z!<%9$+%?%V$G6h@Z$i$l$^$9!#%-%c%C%7%eL>$O�(B
hosts, passwd, groups �$B$N$$$:$l$+$K$9$k$3$H$,$G$-$^$9�(B (�$B:#2s$O�(B
hosts �$B$r%-%c%C%7%e$7$^$;$s�(B)�$B!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
keep-hot-count passwd 20
check-files passwd yes
enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
keep-hot-count group 20
check-files group yes </PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>LDAP �$B$+$iF@$?�(B passwd �$B%(%s%H%j$r�(B NSCD �$B%W%m%0%i%`$,�(B
�$B%-%c%C%7%e$7$F$7$^$&$H$$$&$3$H$r?4$KLC5-$7$F$*$$$F$/$@$5$$!#�(B</P
><P
>�$B$3$l$O$D$^$j!"�(BLDAP �$B%5!<%P>e$N%f!<%6>pJs$K<j$r2C$($?$H$-$K$b�(B
NSCD �$B%-%c%C%7%e$OM-8z$J$^$^$@$H$$$&$3$H$G$9!#$3$NLdBj$O!"�(B
check-files �$B%G%#%l%/%F%#%V$K$h$C$FDL>o$N�(B UNIX �$B%U%!%$%k$rMxMQ$9$l$PHr$1$i$l$^$9!#�(B
�$B$3$l$OBP1~$9$k%U%!%$%k$,JQ99$5$l$?$H$-$K$O%-%c%C%7%e$rL58z$K$7$^$9!#�(B
�$B$3$N$h$&$J;EAH$_$O0lHLE*$J$O$:$J$N$K!"8=;~E@$G�(B LDAP
�$B$K$OE,MQ$5$l$^$;$s!#�(BLDAP �$B%5!<%P$H%-%c%C%7%e$N4V$NIT@09g$r�(B
�$BHr$1$kJ}K!$O!"�(Bpasswd �$B%(%s%H%j$r99?7$7$?$H$-$K�(B
�$B<!$N%3%^%s%I$rBG$C$F<+J,$G%-%c%C%7%e$rL58z$K$9$k$3$H$G$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>#nscd --invalidate=TABLE </PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B>e5-�(B TABLE �$B$N$H$3$m$O�(B passwd, groups, hosts �$B$N$$$:$l$+$K$J$j$^$9!#�(B</P
><P
>�$B;nMQ;~$K$O!":.Mp$rHr$1$k$?$a�(B NSCD �$B$r;H$o$J$$$h$&$K$7$F$/$@$5$$!#�(B</P
><P
>�$B$5$i$K8@$($P!"�(BNSS �$B$H�(B NSCD �$B$N;HMQ$OBgNL$N�(B
�$B%U%!%$%k%G%9%/%j%W%?$r3+$$$F$7$^$$$^$9!#�(B
�$B$=$N$?$a!"%7%9%F%`>e$N;H$($k%U%!%$%k%G%9%/%j%W%?$,�(B
�$B4JC1$KITB-$7$F$7$^$$$^$9�(B (�$B$3$l$O%7%9%F%`$r%O%s%0$5$;$+$M$^$;$s�(B)�$B!#�(B</P
><P
>Linux �$B%^%7%s�(B (�$B%+!<%M%k�(B 2.2.x) �$B$G$O!"�(B
�$B<!$N$h$&$K$7$F%U%!%$%k%G%9%/%j%W%?$N>e8B$rA}$d$9$3$H$,$G$-$^$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>#echo 16384 > /proc/sys/fs/file-max</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B?d>)$5$l$k%U%!%$%k%G%9%/%j%W%?>e8BCM$O!"$H$K$+$/�(B
�$B$=$N%7%9%F%`$N9=@.$K0MB8$7$^$9!#�(B</P
></DIV
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN316"
>2.2.2.4. LDAP �$B%/%i%$%"%s%H$N@_Dj%U%!%$%k�(B</A
></H4
><P
>LDAP �$B%/%i%$%"%s%H$N@_Dj%U%!%$%k$G$"$k�(B <TT
CLASS="FILENAME"
>/etc/ldap.conf</TT
>
�$B$O!"B>$N�(B LDAP �$B%/%i%$%"%s%H$+$i$HF1MM!"�(Bpam_ldap �$B$d�(B nss_ldap �$B$+$i$bFI$^$l$^$9!#�(B
�$B0J2<$O!"$=$N%U%!%$%k$,:#2s$N4D6-$G$O$I$N$h$&$K$J$C$F$$$k$Y$-$+$N0lNc$G$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>#
# @(#)$Id: ldap.conf,v 2.18 2001/03/28 23:35:00 lukeh Exp $
# �$B$3$l$O�(B LDAP NSS �$B%i%$%V%i%j$H�(B LDAP PAM �$B%b%8%e!<%k$N$?$a$N@_Dj%U%!%$%k$G$9!#�(B
# PADL Software
# http://www.padl.com
#
# �$B$b$7$3$N%U%!%$%k$K�(B host �$B$b�(B base �$B$b$J$1$l$P!"$=$N$H$-$O�(B
# _ldap._tcp.[defaultdomain]. �$B$H$$$&�(B DNS RR �$B$,2r7h$5$l$^$9!#�(B
# [defaultdomain] �$B$O<1JLL>$K3d$jEv$F$i$l!"�(B
# �$BL\I8$N%[%9%H$O%5!<%P$H$7$F;H$o$l$k$3$H$K$J$j$^$9!#�(B
#
# �$B<+J,$N�(B LDAP �$B%5!<%P$G$9!#�(BLDAP �$B$r;H$o$:$K2r7h$G$-$J$/$F$O$J$j$^$;$s!#�(B
host 192.111.111.111
#
# �$B8!:w%Y!<%9$N<1JLL>$G$9!#�(B
base dc=yourorg, dc=com
#
# �$B;HMQ$9$k�(B LDAP �$B$N%P!<%8%g%s$G$9!#�(B(�$B%G%U%)%k%H$O�(B 2 �$B$G$9$,!"�(B
# OpenLDAP 2.0.x �$B$d�(B Netscape Directory Server �$B$r;H$&$J$i�(B 3 �$B$K$7$F$/$@$5$$�(B)
# ldap_version 3
#
# �$B%5!<%P$K%P%$%s%I$9$k<1JLL>$G$9!#�(B
# �$B;XDj$OG$0U$G$9�(B �$B!=�(B �$B;XDj$7$J$1$l$PF?L>%P%$%s%I$G$9!#�(B
# binddn cn=manager,dc=padl,dc=com
#
# �$B%P%$%s%I$9$k;q3J>ZL@$G$9!#�(B
# �$B;XDj$OG$0U$G$9�(B �$B!=�(B �$B;XDj$7$J$1$l$P;q3J>ZL@$,ITMW$G$9!#�(B
#bindpw secret
#
# �$B%]!<%H$G$9!#�(B
# �$B;XDj$OG$0U$G$9�(B �$B!=�(B �$B;XDj$7$J$1$l$P�(B 389 �$B$G$9!#�(B636 �$B$O�(B LDAPS �$BMQ$G$9!#�(B
port 636
#
# �$B8!:w%9%3!<%W$G$9!#�(B
#scope sub
#scope one
#scope base
#
# �$B0J2<$N%*%W%7%g%s$O�(B nss_ldap �$BFCM-$N$b$N$G$9!#�(B
#
# �$B<+J,$N�(B libc �$B$,;H$&%O%C%7%e$N%"%k%4%j%:%`$G$9!#�(B
# �$B;XDj$OG$0U$G$9�(B �$B!=�(B �$B;XDj$7$J$1$l$P�(B des �$B$G$9!#�(B
#crypt md5
#crypt sha
#crypt des
#
# �$B0J2<$N%*%W%7%g%s$O�(B pam_ldap �$BFCM-$N$b$N$G$9!#�(B
#
# uid=%s �$B$K�(B AND �$B$9$k%U%#%k%?$G$9!#�(B
pam_filter objectclass=posixAccount
#
# �$B%f!<%6�(B ID �$B$NB0@-$G$9!#�(B(�$B%G%U%)%k%H$O�(B uid)
pam_login_attribute uid
#
# �$B%Q%9%o!<%I%]%j%7!<$r%k!<%H�(B DSE �$B$G8!:w$7$^$9!#�(B
# (Netscape Directory Server �$B$KM-8z$G$9�(B)
# (�$BLuCm!'%k!<%H�(B DSE �$B$K$D$$$F$O�(B Root Directory Server Specific Entry
# �$B$N$3$H$@$H$$$&Js9p$r$$$?$@$-$^$7$?!#Lu<T$OCN$j$^$;$s$G$7$?!#�(B)
#pam_lookup_policy yes
#
# �$B$3$N%0%k!<%W$N%a%s%P$G$"$k$3$H$r6/MW$7$^$9!#�(B
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
#
# �$B%0%k!<%W%a%s%P$NB0@-$G$9!#�(B
pam_member_attribute memberuid
# �$B%F%s%W%l!<%H%m%0%$%s$NB0@-$H!"%G%U%)%k%H$N%F%s%W%l!<%H%f!<%6$G$9!#�(B
# (�$B$3$l0JA0$N%f!<%6$N%(%s%H%jFb$NB0@-$G>e=q$-$G$-$^$9�(B)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
#
# �$B%m!<%+%k$K%Q%9%o!<%I$r%O%C%7%e$7$^$9!#�(B
# University of Michigan �$BHG�(B LDAP �$B%5!<%P$KI,MW$H$5$l$^$9!#�(B
# �$B$^$?!"$b$7�(B UNIX-Crypt �$B$N%O%C%7%e5!9=$r;HMQ$7$F$*$j!"�(B
# �$B$+$D�(B NT Synchronization (�$BF14|�(B) �$B%5!<%S%9$r;HMQ$7$F$$$J$$$J$i$P�(B
# Netscape Directory Server �$B$GM-8z$G$9!#�(B
pam_crypt local
#
# SSL �$B$N@_Dj�(B
ssl yes
sslpath /usr/local/ssl/certs</PRE
></FONT
></TD
></TR
></TABLE
></P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>�$B$3$N%U%!%$%k$rFI$`$3$H$N$"$k<o!9$N%"%W%j%1!<%7%g%s�(B
�$B$H$NLdBj$rHr$1$k$?$a$K!"%Q%i%a!<%?$HCM$H$N4V$K�(B
�$B%?%V$r;H$o$:!"%9%Z!<%9$R$H$D$@$1$r;H$&$h$&$*4+$a$7$^$9!#�(B</P
></BLOCKQUOTE
></DIV
><P
>pam_groupdn �$B%G%#%l%/%F%#%V$O�(B LDAP �$B%5!<%P$,�(B
�$B0lO"$N%/%i%$%"%s%H$NG'>Z>pJs$r4IM}$7$F$$$k>l9g$K!"�(B
�$B%f!<%6$,G'2D$5$l$k$N$r0lIt$N%/%i%$%"%s%H$@$1$K8BDj$7$?$$�(B
�$B$H$-$KJXMx$G$9!#$3$N%G%#%l%/%F%#%V$O�(B NIS �$B$N�(B netgroups �$B$HF1$85!G=$r�(B
�$BDs6!$9$k$3$H$,$G$-$k$N$G$9!#�(B</P
><P
>SSL �$B@_Dj$K4X$9$k%G%#%l%/%F%#%V$O%Q%C%1!<%8Fb$GJ8=q2=�(B
�$B$5$l$F$$$^$;$s$,!"�(BSSL �$B$rM-8z$K$7!"�(BLDAP
�$B%5!<%P>ZL@=q$*$h$S�(B CA �$B>ZL@=q$r4^$`%U%!%$%k$,�(B
�$B$I$3$K3JG<$5$l$F$$$k$+;XDj$7$^$9!#�(B</P
><P
>cert7.db �$B$H$$$&L>A0$N�(B Netscape �$B>ZL@=q%G!<%?%Y!<%9$,�(B
sslpath �$BFb$G8!:w$5$l$^$9!#$3$N%U%!%$%k$K$O%5!<%P>ZL@=q$H�(B
(�$B$=$N%5!<%P>ZL@=q$,<+8J=pL>$G$J$$$+$.$j�(B)
CA �$B>ZL@=q$H$r4^$s$G$$$J$1$l$P$J$j$^$;$s!#$3$N%U%!%$%k$r@8@.$9$k$K$O�(B
�$B$U$?$D$NJ}K!�(B �$B!=�(B Netscape PKCS#11 �$B$r;H$&$+�(B Netscape �$B$N%V%i%&%6$r;H$&$+�(B
�$B!=�(B �$B$,$"$j$^$9!#�(B</P
><P
>Netscape �$B$N%V%i%&%6$r;H$&>l9g$O!"%5!<%P>e$G�(B slapd �$B$H�(B stunnel
�$B$r5/F0$7$?$"$H$G�(B Netscape Navigator �$B$r�(B https://your.ldap.server:636/
�$B$H$$$&�(B URL �$B$K@\B3$9$k$H!"<+J,$N%G!<%?%Y!<%9$K$=$N%5!<%P>ZL@=q$rF~NO$9$k$h$&�(B
�$BB%$5$l$^$9!#�(B(�$B<+8J=pL>$N>ZL@=q$r;H$o$J$$$N$G$"$l$P�(B) �$BF1MM$K�(B
(CA �$B$+$i6!5k$5$l$k�(B) CA �$B>ZL@=q$b%G!<%?%Y!<%9$K%m!<%I�(B
�$B$7$J$/$F$O$J$j$^$;$s!#$3$3$^$GMh$?$i!"�(B<TT
CLASS="FILENAME"
>$HOME/.netscape/cert7.db</TT
>�$B$r�(B <TT
CLASS="FILENAME"
>sslpath</TT
> �$B$K%3%T!<$G$-$^$9!#�(B
�$B>e5-$N:n6H$N:]!"%G%U%)%k%H$N�(B <TT
CLASS="FILENAME"
>cert7.db</TT
> �$B$r;}$D�(B
�$B=i4|>uBV$N%"%+%&%s%H$G9T$J$&J}$,9%$^$7$$$G$9!#$J$<$J$i�(B
�$B<+J,$N>ZL@=q%G!<%?%Y!<%9$K$OB>$N%5!<%P>ZL@=q$,$"$k$+$b$7$l$:!"$"$k$H�(B
LDAP �$B%/%i%$%"%s%H$,$=$l$r!"?.MQ:Q$_$NG'>Z%5!<%P$J$N$@$H�(B
�$B$_$J$7$F$7$^$&$+$i$G$9!#$$$C$?$s%5!<%P>ZL@=q$,%$%s%]!<%H$5$l$?�(B
�$B%V%i%&%6$O�(B SSL �$B$r%G%P%C%0$9$k$?$a$K;H$($^$9!#�(B
�$B$=$N%V%i%&%6$O�(B pam �$B$d�(B nss �$B$N%i%$%V%i%j$N$h$&$K$U$k$^$&$+$i$G$9!#�(B</P
></DIV
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN331"
>2.3. �$B5/F0�(B</A
></H2
><P
>�$B%5!<%PB&$G!"<!$N$h$&$J%3%^%s%I$K$h$C$F!"�(B
slapd (LDAP �$B%G!<%b%s%W%m%;%9�(B) �$B$r5/F0$7$J$/$F$O$$$1$^$;$s!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
># slapd </PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B$b$7�(B stunnel �$B$r;H$&$J$i!"�(BLDAPS �$B$N�(B 636 �$BHV$N%]!<%H>e$G�(B
�$B5/F0$7$J$/$F$O$$$1$^$;$s!#<!$N$h$&$K$7$F$/$@$5$$!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
# /usr/local/sbin/stunnel -r ldap -d 636 -p /usr/local/ssl/certs/stunnel.pem</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>TLS (OpenSSL) �$BIU$-$G%3%s%Q%$%k$5$l$?�(B OpenLDAP 2.0.x
�$B$r;H$&$N$G$"$l$P!"<!$N%3%^%s%I$G%5!<%P$r5/F0$G$-$^$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
# slapd -h "ldap:/// ldaps:///"</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>�$B%/%i%$%"%s%H>e$G!"�(BNSCD �$B$rB?$/$N%G%#%9%H%j%S%e!<%7%g%s$K�(B
�$B$U$D$&4^$^$l$F$$$k5/F0%9%/%j%W%H$+$i5/F0$G$-$^$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
# /etc/rc.d/init.d/nscd start</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>PAM �$B$H�(B NSS �$B$,E,@Z$K@_Dj$5$l$F$$$l$P!"$3$l$G==J,$N$O$:$G$9!#�(B</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN346"
>2.4. �$B%"%+%&%s%H$NJ]<i4IM}�(B</A
></H2
><P
>�$B$3$3$^$GMh$?;~E@$G!"�(BLDAP �$B%/%i%$%"%s%H%D!<%k$r;H$C$F�(B
�$B%"%+%&%s%H:n@.$HJ]<i4IM}$,$G$-$k$O$:$G$9!#�(B</P
><P
>�$B;DG0$J$,$iHFMQE*$J%D!<%k$N$[$H$s$I$O�(B Un*x
�$B%"%+%&%s%H$N4IM}MQ$K$O$G$-$F$$$^$;$s!#�(B
�$B$=$l$K8+9g$&5!G=$,$"$k$h$&$K;W$($k$b$N$O!"�(B
LDAP Browser/Editor (<A
HREF="http://www-unix.mcs.anl.gov/~gawor/ldap"
TARGET="_top"
>http://www-unix.mcs.anl.gov/~gawor/ldap</A
>) �$B$,$"$j!"$=$l$O�(B
�$B?'!9$J=q<0$G%Q%9%o!<%I$N@_Dj$,$G$-!"%5!<%P$K@\B3$9$k$?$a$K�(B SSL �$B$r;HMQ�(B
�$B$G$-$^$9!#�(B</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN351"
>2.5. �$B4{CN$N@)8B;v9`�(B</A
></H2
><P
>�$BC1FH$N%^%9%?%5!<%P$K$h$k�(B (�$B%9%l!<%V%5!<%P$N$J$$�(B) NIS
�$B$N>l9g$HF1MM$K!"%l%W%j%1!<%7%g%s$rMxMQ$7$J$$�(B LDAP �$B$OG'>Z5!9=$K$H$C$F�(B
�$B!V�(Ba single point of failure (�$BC10l5!4o$N>c32$,%7%9%F%`A4BN$N�(B
�$B>c32$H$J$C$F$7$^$&<eE@�(B)�$B!W$G$"$k$H8@$($^$9!#�(B
�$B$G$9$+$i�(B LDAP �$B%l%W%j%1!<%7%g%s$r<BAu$9$k$3$H$O!"G'>Z$H$$$&L\E*$N$?$a$K$O0lAX�(B
�$B=EMW$H8@$($^$9!#�(BOpenLDAP (slapd) �$B$K$h$k%5!<%P$O%l%W%j%1!<%7%g%s5!G=$r�(B
�$BHw$($F$$$^$9!#�(B</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN354"
>2.6. �$B%U%!%$%k$N%Q!<%_%C%7%g%s�(B</A
></H2
><P
>�$B0J2<$OG'>Z%7%9%F%`$G;H$o$l$k%U%!%$%k$K�(B
�$BE,MQ$5$l$F$$$k$Y$-%Q!<%_%C%7%g%s$N0lIt$G$9!#�(B</P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>
-rw-r--r-- root.root /etc/ldap.conf
-rw------- root.root /usr/local/etc/openldap/slapd.conf
-rwxr-xr-x root.root /lib/security/pam_ldap.so.1
-rw-r--r-- root.root /lib/libnss_ldap-2.1.2.so
-rw-r--r-- root.root /usr/local/ssl/certs/cert7.db
-rw------- root.root /usr/local/ssl/certs/stunnel.pem </PRE
></FONT
></TD
></TR
></TABLE
></P
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN115"
HREF="pamnss.html#AEN115"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>LDAP �$B%G!<%?%Y!<%9$N�(B
�$BJ#@=$r%5!<%P4V$G9T$J$&;EAH$_�(B</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN146"
HREF="pamnss.html#AEN146"
>[2]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>NIS
�$B$G3d$jEv$F$F$$$k>l9g$O0[$J$j$^$9!#�(B</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN176"
HREF="pamnss.html#AEN176"
>[3]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>�$B$R$H$D$N%(%s%H%j$,J#?t$N�(B objectclass �$B$KB0$9$k$3$H$,$G$-$^$9!#�(B</P
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN247"
HREF="pamnss.html#AEN247"
>[4]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>�$B%&%i5;$H$7$F!"�(BNetscape Communicator
�$B$N>ZL@%G!<%?%Y!<%9$r;H$&$3$H$b$G$-$^$9!#�(B</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="overview.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="radius.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>�$B35MW�(B</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>LDAP �$B$r;H$C$?�(B Radius �$BG'>Z�(B</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
