diff options
| author | gasperfele@fri1.uni-lj.si <gasperfele@fri1.uni-lj.si@5cf9fbd1-b2bc-434c-b4b7-e852f4f63414> | 2015-03-17 16:02:15 +0000 |
|---|---|---|
| committer | gasperfele@fri1.uni-lj.si <gasperfele@fri1.uni-lj.si@5cf9fbd1-b2bc-434c-b4b7-e852f4f63414> | 2015-03-17 16:02:15 +0000 |
| commit | 4df70266cf670f5f12f3219b18e59b7aaafaf1b0 (patch) | |
| tree | e45f681204b3a089086e98ac67ad83f538f66478 /kpov_judge/tasks/radius_mysql_pam | |
| parent | dd9bc626dcb1af109fa12960de70a3ef53aef323 (diff) | |
Fixed instructions
git-svn-id: https://svn.lusy.fri.uni-lj.si/kpov-public-svn/kpov-public@288 5cf9fbd1-b2bc-434c-b4b7-e852f4f63414
Diffstat (limited to 'kpov_judge/tasks/radius_mysql_pam')
| -rw-r--r-- | kpov_judge/tasks/radius_mysql_pam/task.py | 49 |
1 files changed, 38 insertions, 11 deletions
diff --git a/kpov_judge/tasks/radius_mysql_pam/task.py b/kpov_judge/tasks/radius_mysql_pam/task.py index b53c1b7..839090f 100644 --- a/kpov_judge/tasks/radius_mysql_pam/task.py +++ b/kpov_judge/tasks/radius_mysql_pam/task.py @@ -5,22 +5,49 @@ instructions = {
'si':u"""
Ustvari dva navidezna računalnika - SimpleArbiter z diska simpleArbiterDhcp ter
-RadiusServer. SimpleArbeiterDhcp dobis na naslovu polz.si/media/uploads/kpov/virtualke. Na RadiusServer namesti FreeRadius.
-Na SimpleArbiter preberi skrivnost ter poskrbi, da se bo s to skrivnostjo SimpleArbiter lahko povezal na RadiusServer.
+RadiusServer. Na RadiusServer namesti FreeRadius ter MySQL.
-Nato na RadiusServer namesti še podatkovno bazo mysql. Na SimpleArbiter preberi ime podatkovne baze, uporabniško ime na bazi ter geslo, s katerim se bo lahko klient s SimpleArbiter na to bazo lahko povezal.
-
-V bazi ustvari tabele, potrebne za delovanje FreeRadius (več na http://wiki.freeradius.org/guide/SQL-HOWTO). Nastavi FreeRadius tako, da se bodo podatki o uporabnikih črpali iz baze mysql.
+Ustvari mysql podatkovno bazo z imenom {MYSQL_DB_NAME}. Ustvari mysql
+uporabnika z imenom {MYSQL_ADMIN_USER} in geslom {MYSQL_ADMIN_PASSWORD},
+ki naj ima poln dostop do te baze. Prijava za tega uporabnika mora biti
+omogočena tudi s SimpleArbiter.
-Na SimpleArbiter preberi uporabnisko ime in geslo
-uporabnika ter ga dodaj v mysql tako, da bo strežnik Radius uporabnika s tem geslom sprejel. Za uporabnika ustvari tudi uporabniški račun (npr. z ukazom adduser). Upoštevaj, da testni program lahko temu uporabniku spremeni geslo. Poleg tega naj še vedno deluje prijava z uporabniškim imenom student in geslom vaje.
+Nastavi FreeRadius tako, da bo podatke o uporabnikih in geslih pobiral iz baze
+MySQL z imenom {MYSQL_DB_NAME}. Podatkovna shema (imena tabel) naj ostane
+privzeta.
-Nastavi PAM za prijavo (login) tako, da bo dovolj, če se uporabnik na ssh predstavi z geslom na strežniku Radius, ne glede na vnos v /etc/passwd oziroma /etc/shadow.
+Dostop do strežnika Radius na RadiusServer s SimpleArbiter naj bo mogoč ob
+uporabi skrivnosti {RADIUS_SECRET}.
+
+V bazi ustvari vnos, ki bo omogočil, da se na RadiusServer s pomočjo protokola
+Radius avtenticira uporabnik {RADIUS_USERNAME} z geslom {RADIUS_PASSWORD}.
+
+Nastavi PAM za prijavo (login) tako, da bo dovolj, če se uporabnik na ssh
+predstavi z uporabniškim imenom in geslom, ki sta veljavna na FreeRadius,
+ne glede na /etc/shadow oziroma /etc/password.
""",
'en':u"""
-TODO: correct this.
-Create two virtual computers - SimpleArbiter (using the SimpleArbiterDhcp.vdi disk) and RadiusServer. You can get the disk image at polz.si/media/uploads/kpov/virtualke. Install OpenRadius on the RadiusServer VM. Installation instructions can be found at evbergen.home.xs4all.nl/openradius/doc-using-openradius.html. OpenRadius uses two configuration files /etc/openradius/configuration and /etc/openradius/behaviour. The first one defines sources and interfaces of the server, the second one defines how the server responds to requests. Add your username and password from the SimpleArbiter VM to the OpenRadius configuration. Make shure that SimpleArbiter is able to connect to RadiusServer using the shared secret.
-Install the MySQL database on the RadiusServer VM. Log into the MySQL server using mysql -u root -p . Create the database using CREATE DATABASE <dbnamehere>. Add the columns username and password. Create the user test on RadiusServer and setup PAM so that the user password is checked against the MySQL database instead of the file /etc/passwd or /etc/shadow.
+Create two virtual machines - SimpleArbiter using the disk simpleArbiterDhcp
+and RadiusServer. On RadiusServer, install FreeRadius and MySQL.
+
+Create a mysql database named {MYSQL_DB_NAME}. Create a mysql user with the
+username {MYSQL_ADMIN_USER} and password {MYSQL_ADMIN_PASSWORD}. Make sure
+this user can access the database from SimpleArbiter and has administrative
+rights over the {MYSQL_DB_NAME} database.
+
+Set up FreeRadius so that the data about users and passwords is stored in the
+MySQL database. Keep the default schema (table names).
+
+Make the Radius server on RadiusServer accessible from SimpleArbiter using
+{RADIUS_SECRET} as the secret.
+
+Create an entry in the database which will enable a user with the username
+{RADIUS_USERNAME} to authenticate themself against the Radius server using
+the password {RADIUS_PASSWORD}.
+
+Set up PAM to enable login over ssh using a username and password which are
+valida on the FreeRadius server, regardless of the entries in /etc/shadow
+and/or /etc/password.
"""
}
|