Translations by Stéphane V
Stéphane V has submitted the following strings to this translation. Contributions are visually coded: currently used translations, unreviewed suggestions, rejected suggestions.
2055. |
You will then be prompted to enter the name of the Kerberos Realm. Also, if you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> records, the menu will prompt you for the hostname of the Key Distribution Center (KDC) and Realm Administration server.
|
|
2009-03-24 |
Il vous sera alors demandé de donner le nom du Domaine Kerberos. Si vous n'avez pas de DNS configuré avec des enregistrements <emphasis>SRV</emphasis> Kerberos, le menu vous demandera le nom de l'hôte KDC et le serveur d'administration du Domaine.
|
|
2056. |
The <application>dpkg-reconfigure</application> adds entries to the <filename>/etc/krb5.conf</filename> file for your Realm. You should have entries similar to the following:
|
|
2009-03-24 |
<application>dpkg-reconfigure</application> ajoute des entrées au fichier <filename>/etc/krb5.conf</filename> pour votre Domaine. Vous devriez avoir des entrées similaires à :
|
|
2057. |
[libdefaults]
default_realm = EXAMPLE.COM
...
[realms]
EXAMPLE.COM = {
kdc = 192.168.0.1
admin_server = 192.168.0.1
}
|
|
2009-03-24 |
[libdefaults]
default_realm = EXAMPLE.COM
...
[realms]
EXAMPLE.COM = {
kdc = 192.168.0.1
admin_server = 192.168.0.1
}
|
|
2058. |
You can test the configuration by requesting a ticket using the <application>kinit</application> utility. For example:
|
|
2009-03-24 |
Vous pouvez tester la configuration en demandant un ticket à l'aide de <application>kinit</application>. Par exemple :
|
|
2059. |
kinit steve@EXAMPLE.COM
|
|
2009-03-24 |
kinit steve@EXAMPLE.COM
|
|
2060. |
Password for steve@EXAMPLE.COM:
|
|
2009-03-24 |
Mot de passe pour steve@EXAMPLE.COM:
|
|
2061. |
When a ticket has been granted, the details can be viewed using <application>klist</application>:
|
|
2009-03-24 |
Lorsqu'un ticket a été accordé, les détails peuvent être visualisés avec <application>klist</application> :
|
|
2063. |
Next, use the <application>auth-client-config</application> to configure the <application>libpam-krb5</application> module to request a ticket during login:
|
|
2009-03-24 |
Ensuite, utilisez <application>auth-client-config</application> pour configurer le module <application>libpam-krb5</application> pour demander un ticket lors de la connexion :
|
|
2064. |
sudo auth-client-config -a -p kerberos_example
|
|
2009-03-24 |
sudo auth-client-config -a -p kerberos_example
|
|
2065. |
You should now receive a ticket upon successful login authentication.
|
|
2009-03-24 |
Vous devriez maintenant recevoir un ticket lors d'une connexion réussie.
|
|
2066. |
For more information on Kerberos see the <ulink url="http://web.mit.edu/Kerberos/">MIT Kerberos</ulink> site.
|
|
2009-03-24 |
Pour plus d'information sur Kerberos, voyez le site web <ulink url="http://web.mit.edu/Kerberos/">MIT Kerberos</ulink>.
|
|
2067. |
O'Reilly's <ulink url="http://oreilly.com/catalog/9780596004033/">Kerberos: The Definitive Guide</ulink> is a great reference when setting up Kerberos.
|
|
2009-03-24 |
Le guide d'O'Reilly <ulink url="http://oreilly.com/catalog/9780596004033/">Kerberos: The Definitive Guide</ulink> est une bonne référence pour le paramétrage de Kerberos.
|
|
2068. |
Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url="http://freenode.net/">Freenode</ulink> if you have Kerberos questions.
|
|
2009-03-24 |
Vous êtes également le bienvenu sur le canal IRC <emphasis>#ubuntu-server</emphasis> sur <ulink url="http://freenode.net/">Freenode</ulink> si vous avez des questions au sujet de Kerberos.
|
|
2069. |
Kerberos and LDAP
|
|
2009-03-24 |
Kerberos et LDAP
|
|
2070. |
Replicating a Kerberos principal database between two servers can be complicated, and adds an additional user database to your network. Fortunately, MIT Kerberos can be configured to use an <application>LDAP</application> directory as a principal database. This section covers configuring a primary and secondary Kerberos server to use <application>OpenLDAP</application> for the principal database.
|
|
2009-03-24 |
Répliquer une banque de données Kerberos principale entre deux serveurs peut être compliqué, et ajoute une banque de données additionnelle d'utilisateurs à votre réseau. Heureusement, MIT Kerberos peut être configuré pour utiliser un annuaire <application>LDAP</application> comme banque de données principale. Cette section couvre la configuration de serveurs Kerberos primaire et secondaire pour utiliser <application>OpenLDAP</application> en tant que banque de données principale.
|
|
2076. |
Next, extract the <filename>kerberos.schema.gz</filename> file:
|
|
2009-03-24 |
Ensuite, extrayez le fichier <filename>kerberos.schema.gz</filename> :
|
|
2077. |
sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz
|
|
2009-03-24 |
sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz
|
|
2078. |
sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/
|
|
2009-03-24 |
sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/
|
|
2079. |
The <emphasis>kerberos</emphasis> schema needs to be added to the <emphasis>cn=config</emphasis> tree. The procedure to add a new schema to <application>slapd</application> is also detailed in <xref linkend="openldap-configuration"/>.
|
|
2009-03-24 |
Le schéma <emphasis>kerberos</emphasis> doit être ajouté à l'arbre <emphasis>cn=config</emphasis>. La procédure pour ajouter un nouveau schéma à <application>slapd</application> est également expliquée dans <xref linkend="openldap-configuration"/>.
|
|
2080. |
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/kerberos.schema
|
|
2009-03-24 |
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/kerberos.schema
|
|
2081. |
Create a temporary directory to hold the LDIF files:
|
|
2009-03-24 |
Créez un dossier temporaire pour contenir les fichiers LDIF :
|
|
2082. |
Edit the generated <filename>/tmp/ldif_output/cn=config/cn=schema/cn={12}kerberos.ldif</filename> file, changing the following attributes:
|
|
2009-03-24 |
Modifiez le fichier <filename>/tmp/ldif_output/cn=config/cn=schema/cn={12}kerberos.ldif</filename> généré, en adaptant les attributs suivants :
|
|
2083. |
dn: cn=kerberos,cn=schema,cn=config
...
cn: kerberos
|
|
2009-03-24 |
dn: cn=kerberos,cn=schema,cn=config
...
cn: kerberos
|
|
2084. |
And remove the following lines from the end of the file:
|
|
2009-03-24 |
Et supprimez les lignes suivantes à la fin du fichier :
|
|
2085. |
structuralObjectClass: olcSchemaConfig
entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc
creatorsName: cn=config
createTimestamp: 20090111203515Z
entryCSN: 20090111203515.326445Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090111203515Z
|
|
2009-03-24 |
structuralObjectClass: olcSchemaConfig
entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc
creatorsName: cn=config
createTimestamp: 20090111203515Z
entryCSN: 20090111203515.326445Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090111203515Z
|
|
2087. |
ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{12\}kerberos.ldif
|
|
2009-03-24 |
ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{12\}kerberos.ldif
|
|
2089. |
dn: olcDatabase={1}hdb,cn=config
add: olcDbIndex
olcDbIndex: krbPrincipalName eq,pres,sub
|
|
2009-03-24 |
dn: olcDatabase={1}hdb,cn=config
add: olcDbIndex
olcDbIndex: krbPrincipalName eq,pres,sub
|
|
2093. |
That's it, your LDAP directory is now ready to serve as a Kerberos principal database.
|
|
2009-03-24 |
Ça y est, votre annuaire LDAP est maintenant prêt à servir de banque de données principale Kerberos.
|
|
2094. |
Primary KDC Configuration
|
|
2009-03-24 |
Configuration du KDC primaire
|
|
2095. |
With <application>OpenLDAP</application> configured it is time to configure the KDC.
|
|
2009-03-24 |
Avec <application>OpenLDAP</application> opérationnel, il est temps de configurer le KDC.
|
|
2096. |
First, install the necessary packages. From a terminal enter:
|
|
2009-03-24 |
Premièrement, installez les paquets nécessaires, depuis un terminal entrez :
|
|
2097. |
sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap
|
|
2009-03-24 |
sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap
|
|
2098. |
Now edit <filename>/etc/krb5.conf</filename>, adding the following options under the appropriate sections:
|
|
2009-03-24 |
Maintenant, modifiez <filename>/etc/krb5.conf</filename> en ajoutant les options suivantes dans les sections appropriées :
|
|
2099. |
[libdefaults]
default_realm = EXAMPLE.COM
...
[realms]
EXAMPLE.COM = {
kdc = kdc01.example.com
kdc = kdc02.example.com
admin_server = kdc01.example.com
admin_server = kdc02.example.com
default_domain = example.com
database_module = openldap_ldapconf
}
...
[domain_realm]
.example.com = EXAMPLE.COM
...
[dbdefaults]
ldap_kerberos_container_dn = dc=example,dc=com
[dbmodules]
openldap_ldapconf = {
db_library = kldap
ldap_kdc_dn = "cn=admin,dc=example,dc=com"
# this object needs to have read rights on
# the realm container, principal container and realm sub-trees
ldap_kadmind_dn = "cn=admin,dc=example,dc=com"
# this object needs to have read and write rights on
# the realm container, principal container and realm sub-trees
ldap_service_password_file = /etc/krb5kdc/service.keyfile
ldap_servers = ldaps://ldap01.example.com ldaps://ldap02.example.com
ldap_conns_per_server = 5
}
|
|
2009-03-24 |
[libdefaults]
default_realm = EXAMPLE.COM
...
[realms]
EXAMPLE.COM = {
kdc = kdc01.example.com
kdc = kdc02.example.com
admin_server = kdc01.example.com
admin_server = kdc02.example.com
default_domain = example.com
database_module = openldap_ldapconf
}
...
[domain_realm]
.example.com = EXAMPLE.COM
...
[dbdefaults]
ldap_kerberos_container_dn = dc=example,dc=com
[dbmodules]
openldap_ldapconf = {
db_library = kldap
ldap_kdc_dn = "cn=admin,dc=example,dc=com"
# this object needs to have read rights on
# the realm container, principal container and realm sub-trees
ldap_kadmind_dn = "cn=admin,dc=example,dc=com"
# this object needs to have read and write rights on
# the realm container, principal container and realm sub-trees
ldap_service_password_file = /etc/krb5kdc/service.keyfile
ldap_servers = ldaps://ldap01.example.com ldaps://ldap02.example.com
ldap_conns_per_server = 5
}
|
|
2100. |
Change <emphasis>example.com</emphasis>, <emphasis>dc=example,dc=com</emphasis>, <emphasis>cn=admin,dc=example,dc=com</emphasis>, and <emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP object, and LDAP server for your network.
|
|
2009-03-24 |
Modifiez <emphasis>example.com</emphasis>, <emphasis>dc=example,dc=com</emphasis>, <emphasis>cn=admin,dc=example,dc=com</emphasis>, et <emphasis>ldap01.example.com</emphasis> en votre domaine, objet LDAP et serveur LDAP de votre réseau.
|
|
2101. |
Next, use the <application>kdb5_ldap_util</application> utility to create the realm:
|
|
2009-03-24 |
Ensuite, utilisez <application>kdb5_ldap_util</application> pour créer le domaine :
|
|
2102. |
sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com
|
|
2009-03-24 |
sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com
|
|
2104. |
sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f /etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com
|
|
2009-03-24 |
sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f /etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com
|
|
2112. |
addprinc -x dn="uid=steve,ou=people,dc=example,dc=com" steve
|
|
2009-03-24 |
addprinc -x dn="uid=steve,ou=people,dc=example,dc=com" steve
|
|
2113. |
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: <placeholder-1/>
WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy
Enter password for principal "steve@EXAMPLE.COM":
Re-enter password for principal "steve@EXAMPLE.COM":
Principal "steve@EXAMPLE.COM" created.
|
|
2009-03-24 |
Identification comme root/admin@EXAMPLE.COM avec mot de passe.
kadmin.local : <placeholder-1/>
ATTENTION : pas de règle spécifique pour steve@EXAMPLE.COM; configuration par défaut : sans règle.
Entrez un mot de passe pour "steve@EXAMPLE.COM":
Ré-entrez le mot de passe pour "steve@EXAMPLE.COM":
Utilisateur "steve@EXAMPLE.COM" créé.
|
|
2114. |
There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and krbExtraData attributes added to the <emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use the <application>kinit</application> and <application>klist</application> utilities to test that the user is indeed issued a ticket.
|
|
2009-03-24 |
Il devrait maintenant avoir krbPrincipalName, krbPrincipalKey, krbLastPwdChange, et krbExtraData attributes ajoutés à l'objet utilisateur <emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis>. Utilisez <application>kinit</application> et <application>klist</application> pour tester si l'utilisateur reçoit en effet un ticket.
|
|
2616. |
BOOT_DEGRADED=true
|
|
2009-03-24 |
BOOT_DEGRADED=true
|
|
2678. |
Now extend the Volume Group (VG):
|
|
2009-03-24 |
Etendez maintenant le groupe du volume (Volume group) :
|
|
2688. |
Finally, resize the filesystem:
|
|
2009-03-24 |
Enfin, redimensionnez le système de fichiers :
|
|
2917. |
The <ulink url="http://www.tldp.org/HOWTO/DNS-HOWTO.html">DNS HOWTO</ulink> explains more advanced options for configuring BIND9.
|
|
2009-03-24 |
Le site web <ulink url="http://www.tldp.org/HOWTO/DNS-HOWTO.html">DNS HOWTO</ulink> explique les options plus avancées pour configurer BIND9.
|
|
2918. |
For in depth coverage of <emphasis>DNS</emphasis> and <application>BIND9</application> see <ulink url="http://www.bind9.net/">Bind9.net</ulink>.
|
|
2009-03-24 |
Pour une vision approfondie des <emphasis>DNS</emphasis> et de <application>BIND9</application>, voyez le site web <ulink url="http://www.bind9.net/">Bind9.net</ulink>.
|
|
2919. |
<ulink url="http://www.oreilly.com/catalog/dns5/index.html">DNS and BIND</ulink> is a popular book now in its fifth edition.
|
|
2009-03-24 |
<ulink url="http://www.oreilly.com/catalog/dns5/index.html">DNS and BIND</ulink> est un livre populaire, maintenant en révision 5.
|
|
2920. |
A great place to ask for <application>BIND9</application> assistance, and get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url="http://freenode.net">freenode</ulink>.
|
|
2009-03-24 |
Un bon endroit pour demander de l'assistance pour <application>BIND9</application>, et être impliqué dans la communauté Ubuntu Serveur, est le canal IRC <emphasis>#ubuntu-server</emphasis> sur <ulink url="http://freenode.net">freenode</ulink>.
|
|
2922. |
Ubuntu provides two popular database servers. They are:
|
|
2009-03-24 |
Ubuntu fournit deux serveurs de banques de données populaires. Ils sont :
|
|
2924. |
They are available in the main repository. This section explains how to install and configure these database servers.
|
|
2009-03-24 |
Ils sont disponibles dans le dépôt main. Cette section explique comment installer et configurer ces serveurs de banques de données.
|