一、服務端配置
1、修改open***的主配置文件,添加如下內容
[root@ttt open***]# cat /etc/open***/server.conf |more #########auth password######## script-security 3 ###--加入腳本處理,如用密碼驗證 auth-user-pass-verify /etc/open***/checkpsw.sh via-env ###指定只用的認證腳本 client-cert-not-required #####不請求客戶的CA證書,使用User/Pass驗證,如果 同時啓用證書和密碼認證,註釋掉該行 username-as-common-name ### 使用客戶提供的UserName作爲Common Name ############################ |
2、按照配置文件中的腳本路徑放置checkpsw.sh
[root@ttt open***]# cat checkpsw.sh #!/bin/sh ########################################################### # checkpsw.sh (C) 2004 Mathias Sundman <mathias@open***.se> # # This script will authenticate Open*** users against # a plain text file. The passfile should simply contain # one row per user with the username first followed by # one or more space(s) or tab(s) and then the password.
PASSFILE="/etc/open***/psw-file" LOG_FILE="/var/log/open***-password.log" TIME_STAMP=`date "+%Y-%m-%d %T"`
###########################################################
if [ ! -r "${PASSFILE}" ]; then echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE} exit 1 fi
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE} exit 1 fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE} exit 0 fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE} exit 1 |
3、賦予該腳本執行權限
4、準備用戶名和密碼認證文件,用戶名和密碼用空格隔開,同時確保open***啓動用戶可讀取該文件
[root@ttt open***]# cat psw-file
client01 123456 client02 123456789 爲了安全起見,將psw-file的權限盡量改小 [root@ttt open***]# chmod 400 psw-file |
5、重啓open***的服務進程
二、修改客戶端的配置文件,添加下面一行
三、開啓windows客戶端,進行密碼認證
文獻出自:http://www.2cto.com/os/201408/324437.html