We provide both YUM and APT repositories.
You can install the YUM/APT repository by executing the appropriate command below. Although you will probably want to install the STNS server and client on separate hosts, we install them on the same host here to keep the explanation simple.
$ curl -fsSL https://repo.stns.jp/scripts/yum-repo.sh | sh
$ curl -fsSL https://repo.stns.jp/scripts/apt-repo.sh | sh
Although we use commands for RHEL in what follows, the equivalent commands also work on the Debian family.
You can install the STNS server by installing the stns-v2 package. The STNS client consists of packages:
$ yum install stns-v2 libnss-stns-v2 cache-stnsd
After successfully installing the packages, let's configure the STNS server.
port = 1104
include = "/etc/stns/conf.d/*"

[users.example]
id = 1001
group_id = 1001
keys = ["ssh-rsa XXXXX…"]

[groups.example]
id = 1001
users = ["example"]
This configuration means that the STNS server:
We encourage you to put each team's configuration into a separate file.
Reload the server right after modifying the file to activate the new configuration.
$ service stns restart
First, configure the STNS client.
api_endpoint = "http://<server-ip>:1104/v1"

[cached]
enable = true
If you add [cached].enable = true to delegate the cache function to cache-stnsd, you should restart cache-stnsd.
[cached].enable = true is the default value when using libnss-stns-v3.
$ service cache-stnsd restart
Second, configure the name resolution order as shown below.
passwd: files stns
shadow: files stns
group: files stns
Add stns to nsswitch.conf to enable name resolution using STNS. To use LDAP concurrently, you can configure it like this:
passwd: files stns ldap
Lastly, configure sshd to enable SSH login using STNS.
PubkeyAuthentication yes
AuthorizedKeysCommand /usr/lib/stns/stns-key-wrapper
AuthorizedKeysCommandUser root
This configuration means that the SSH server runs /usr/lib/stns/stns-key-wrapper to retrieve the public key for the login user.
Reload sshd right after modifying the configuration file.
$ service sshd restart
The installation of STNS is now complete! Note that SELinux is not supported at present; if STNS does not operate properly, please disable SELinux and try again.