Use correct syntax markup for shell
Approved by: carlavilla
This commit is contained in:
Li-Wen Hsu
parent
55c95407aa
commit
a9a9e66105
666 changed files with 17924 additions and 17924 deletions
|
|
@ -63,7 +63,7 @@ First, install OpenLDAP:
|
|||
[example]
|
||||
====
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
# cd /usr/ports/net/openldap24-server
|
||||
# make install clean
|
||||
|
|
@ -111,7 +111,7 @@ The [.filename]#cert.crt#, [.filename]#cert.key#, and [.filename]#cacert.crt# fi
|
|||
[example]
|
||||
====
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% openssl genrsa -out cert.key 1024
|
||||
Generating RSA private key, 1024 bit long modulus
|
||||
|
|
@ -133,7 +133,7 @@ Finally, the certificate signing request needs to be signed:
|
|||
[example]
|
||||
====
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out cert.crt
|
||||
Signature ok
|
||||
|
|
@ -154,7 +154,7 @@ slapd_enable="YES"
|
|||
|
||||
Then run `/usr/local/etc/rc.d/slapd start`. This should start OpenLDAP. Confirm that it is listening on 389 with
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% sockstat -4 -p 389
|
||||
ldap slapd 3261 7 tcp4 *:389 *:*
|
||||
|
|
@ -288,14 +288,14 @@ With this set, package:security/pam_ldap[] will search the entire LDAP directory
|
|||
|
||||
Users whose shell is not in [.filename]#/etc/shells# will not be able to log in. This is particularly important when Bash is set as the user shell on the LDAP server. Bash is not included with a default installation of FreeBSD. When installed from a package or port, it is located at [.filename]#/usr/local/bin/bash#. Verify that the path to the shell on the server is set correctly:
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% getent passwd username
|
||||
....
|
||||
|
||||
There are two choices when the output shows `/bin/bash` in the last column. The first is to change the user's entry on the LDAP server to [.filename]#/usr/local/bin/bash#. The second option is to create a symlink on the LDAP client computer so Bash is found at the correct location:
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
# ln -s /usr/local/bin/bash /bin/bash
|
||||
....
|
||||
|
|
@ -431,7 +431,7 @@ ldappasswd -D uid="$USER",ou=people,dc=example,dc=org \
|
|||
|
||||
This script does hardly any error checking, but more important it is very cavalier about how it stores your passwords. If you do anything like this, at least adjust the `security.bsd.see_other_uids` sysctl value:
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
# sysctl security.bsd.see_other_uids=0
|
||||
....
|
||||
|
|
@ -643,7 +643,7 @@ To create a certificate authority, we simply need a self-signed certificate and
|
|||
[example]
|
||||
====
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% openssl genrsa -out root.key 1024
|
||||
% openssl req -new -key root.key -out root.csr
|
||||
|
|
@ -668,7 +668,7 @@ To sign the key, use `-CA` and `-CAkey` instead of `-signkey`:
|
|||
[example]
|
||||
====
|
||||
|
||||
[source,bash]
|
||||
[source,shell]
|
||||
....
|
||||
% openssl x509 -req -days 1024 \
|
||||
-in ldap-server-one.csr -CA root.crt -CAkey root.key \
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue