We provides both YUM and APT repositories.
You can install YUM/APT repository by executing the command below. Although you must want to install SNTS server and client into separate hosts, we here install them into the same host for the sake of simplicity of explanation.
$ curl -fsSL https://repo.stns.jp/scripts/yum-repo.sh | sh
$ curl -fsSL https://repo.stns.jp/scripts/apt-repo.sh | sh
Although we use commands for RHEL in what follows, the equivalent commands will work also for Debian family.
You can install STNS server by installing the
stns-v2 package. The STNS client consists of packages:
$ yum install stns-v2 libnss-stns-v2
After successfully installing packages, let’s configure STNS server.
port = 1104 include = "/etc/stns/conf.d/*" [users.example] id = 1001 group_id = 1001 keys = ["ssh-rsa XXXXX…"] [groups.example] id = 1001 users = ["example"]
This configuration means that the STNS server:
We encourage you to set configurations for each teams into separate files.
Reload the server right after modifying the file to activate the new configuration.
$ service stns restart
Firstly, configure STNS client.
api_endpoint = "http://<server-ip>:1104/v1"
Secondly, configure the name resolution order like below.
passwd: files stns shadow: files stns group: files stns
Add snts into
nsswitch.conf to enable name resolution using STNS. To use LDAP concurrently, you can configure like:
passwd: files stns ldap.
If systemd-logind does not allow network access, you can not make HTTP request, so please allow it if necessary.
$ sed -i "s / ^ IPAddressDeny = any / # IPAddressDeny = any /" / lib / systemd / system / systemd - logind.service
$ systemctl restart systemd-logind
Lastly, configure sshd to enable SSH login using STNS.
PubkeyAuthentication yes AuthorizedKeysCommand /usr/lib/stns/stns-key-wrapper AuthorizedKeysCommandUser root
This configuration means that tha SSH server:
/usr/lib/stns/stns-key-wrapperto retrieve the public key for the login user.
Reload sshd right after the modifying the configuration file.
service sshd restart
Installation of STNS has been finally completed! In addition, since SELinux is not supported at present, if you do not operate properly please disable SELinux and try.
This theme is a fork of Solo.