{"id":2732,"date":"2016-04-23T20:55:17","date_gmt":"2016-04-23T12:55:17","guid":{"rendered":"http:\/\/blog.pighead.cc\/whsyu\/?p=2732"},"modified":"2016-04-23T20:55:17","modified_gmt":"2016-04-23T12:55:17","slug":"osx-open-directory-siou-fu","status":"publish","type":"post","link":"https:\/\/blog.pighead.cc\/whsyu\/2016\/04\/23\/osx-open-directory-siou-fu\/","title":{"rendered":"OSX Open Directory \u4fee\u5fa9"},"content":{"rendered":"<p class=\"bb-post-separator\"><strong>[\u83ef\u8a9e, cmn-Hant-TW]  <\/strong><\/p><p>\u6709\u4e00\u53f0 Mac \u8dd1 Server.app \u63d0\u4f9b\u4e00\u4e9b\u7c21\u55ae\u7684\u670d\u52d9\uff0c\u4e3b\u8981\u662f LDAP \u5e33\u865f\u6b0a\u9650\u7ba1\u7406\uff0c\u67d0\u6b21\u5347\u7d1a\u4e4b\u5f8c\u5c31\u7a81\u7136\u6c92\u8fa6\u6cd5\u767b\u5165\u4e86\uff0c\u4e0d\u904e\u56e0\u70ba\u7db2\u9801\u8a8d\u8b49\u90f5\u4ef6\u4e4b\u985e\u7684\u90fd\u9084\u6703\u52d5\uff0c\u6240\u4ee5\u4e5f\u6c92\u6709\u7279\u5225\u5728\u610f\uff0c\u7136\u5f8c\u7d42\u65bc\u5728 SSL \u5230\u671f\u4e4b\u5f8c\u6574\u500b\u70b8\u6389\uff0c\u6240\u4ee5\u53ea\u597d\u958b\u59cb\u627e\u554f\u984c\u5728\u54ea\uff0c\u4e00\u958b\u59cb\u4ee5\u70ba\u662f SSL \u7684\u554f\u984c\uff0c\u60f3\u8fa6\u6cd5\u7c3d\u4e00\u500b\u65b0\u7684\u7d50\u679c\u767c\u73fe Open Directory \u5c45\u7136\u4e0d\u5403\u65b0\u7684 SSL\uff0c\u6709\u4eba\u8aaa\u662f SSL \u9700\u8981 code signing \u624d\u5403\uff0c\u4e0d\u904e\u91cd\u9ede\u662f\u95dc\u6389 SSL \u61c9\u8a72\u9084\u662f\u8981\u6703\u52d5\u624d\u662f\uff0c\u56e0\u70ba\u5176\u4ed6\u7528\u5230\u7684\u4f3a\u670d\u5668\u914d\u5408\u95dc TLS \u7167\u6a23\u53ef\u4ee5\u9023\uff0c\u770b\u4e86\u597d\u5e7e\u7bc7\u8a0e\u8ad6\u5f8c\u4f86\u5728<a href=\"https:\/\/discussions.apple.com\/thread\/6538030?start=0&amp;tstart=0\">\u9019\u7bc7<\/a>\u770b\u5230\u6709\u4eba\u8aaa\u8981\u7167\u9019\u500b<a href=\"https:\/\/support.apple.com\/zh-tw\/HT200018\">\u8aaa\u660e<\/a>\u8dd1\u4e00\u6b21\u00a0Rekerberize\uff0c\u8a66\u904e\u4e4b\u5f8c\u679c\u7136\u53ef\u4ee5\uff0c\u539f\u4f86\u662f\u4e4b\u524d\u7684\u66f4\u65b0\u6c92\u8dd1\u5b8c\u6574\u554a\uff0c\u96e3\u602a\u5e33\u865f\u660e\u660e\u5c31\u5b58\u5728\uff0c\u4f46\u662f ssh \u8ddf\u684c\u9762\u5c31\u662f\u4e0d\u7d66\u767b\u5165\uff0c\u56e0\u70ba OSX \u7684\u767b\u5165\u6709\u7528\u5230 kerberos \u554a\uff01<\/p>\n<p>\u662f\u8aaa\u5f8c\u4f86\u5b8c\u6574\u4fee\u5fa9\u4e5f\u4e0d\u662f\u7528\u9019\u62db\uff0c\u56e0\u70ba\u4fee\u4fee\u6539\u6539\u5f04\u4e00\u5f04\u5c31\u70b8\u6389\u4e86\uff0c\u9084\u597d\u8a66\u4e4b\u524d\u6709\u5148\u5c01\u5b58 Open Directory \u4f3a\u670d\u5668\uff0c\u5c31\u653e\u5fc3\u7684\u6574\u500b\u780d\u6389 (\u9023 \/var\/db\/openldap \u90fd\u780d\u4e86) \u518d\u5f9e\u5c01\u5b58\u6a94\u56de\u5fa9\uff0c\u7d50\u679c\u9019\u6a23\u5c45\u7136\u5c31\u4e00\u5207\u6b63\u5e38\uff0c\u9023\u672c\u4f86\u4e0d\u5403\u7684 SSL \u8a8d\u8b49\u90fd\u5403\u5f97\u4e0b\u53bb\u4e86\uff01<\/p>\n<p>\u82b1\u4e86\u4e00\u5806\u6642\u9593\u9a57\u8b49\u7814\u7a76\uff0c\u6c92\u60f3\u5230\u4e0d\u7ba1\u662f\u54ea\u500b\u89e3\u6cd5\u90fd\u90a3\u9ebc\u7c21\u55ae\uff0c\u7576\u7136\u8981\u7279\u5225\u8a18\u9304\u4e00\u4e0b\u904e\u7a0b\uff0c\u4e4b\u5f8c\u518d\u4f86\u770b\u770b\u6709\u6c92\u6709\u65b9\u6cd5\u81ea\u52d5\u66f4\u65b0 SSL \u8a8d\u8b49\u597d\u4e86<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[\u83ef\u8a9e, cmn-Hant-TW] \u6709\u4e00\u53f0 Mac \u8dd1 Server.app \u63d0\u4f9b\u4e00\u4e9b\u7c21\u55ae\u7684\u670d\u52d9\uff0c\u4e3b\u8981\u662f LDAP \u5e33\u865f\u6b0a\u9650\u7ba1\u7406\uff0c\u67d0\u6b21\u5347\u7d1a\u4e4b\u5f8c\u5c31\u7a81\u7136\u6c92\u8fa6\u6cd5\u767b\u5165\u4e86\uff0c\u4e0d\u904e\u56e0\u70ba\u7db2\u9801\u8a8d\u8b49\u90f5\u4ef6\u4e4b\u985e\u7684\u90fd\u9084\u6703\u52d5\uff0c\u6240\u4ee5\u4e5f\u6c92\u6709\u7279\u5225\u5728\u610f\uff0c\u7136\u5f8c\u7d42\u65bc\u5728 SSL \u5230\u671f\u4e4b\u5f8c\u6574\u500b\u70b8\u6389\uff0c\u6240\u4ee5\u53ea\u597d\u958b\u59cb\u627e\u554f\u984c\u5728\u54ea\uff0c\u4e00\u958b\u59cb\u4ee5\u70ba\u662f SSL \u7684\u554f\u984c\uff0c\u60f3\u8fa6\u6cd5\u7c3d\u4e00\u500b\u65b0\u7684\u7d50\u679c\u767c\u73fe Open Directory \u5c45\u7136\u4e0d\u5403\u65b0\u7684 SSL\uff0c\u6709\u4eba\u8aaa\u662f SSL \u9700\u8981 code signing \u624d\u5403\uff0c\u4e0d\u904e\u91cd\u9ede\u662f\u95dc\u6389 SSL \u61c9\u8a72\u9084\u662f\u8981\u6703\u52d5\u624d\u662f\uff0c\u56e0\u70ba\u5176\u4ed6\u7528\u5230\u7684\u4f3a\u670d\u5668\u914d\u5408\u95dc TLS \u7167\u6a23\u53ef\u4ee5\u9023\uff0c\u770b\u4e86\u597d\u5e7e\u7bc7\u8a0e\u8ad6\u5f8c\u4f86\u5728\u9019\u7bc7\u770b\u5230\u6709\u4eba\u8aaa\u8981\u7167\u9019\u500b\u8aaa\u660e\u8dd1\u4e00\u6b21\u00a0Rekerberize\uff0c\u8a66\u904e\u4e4b\u5f8c\u679c\u7136\u53ef\u4ee5\uff0c\u539f\u4f86\u662f\u4e4b\u524d\u7684\u66f4\u65b0\u6c92\u8dd1\u5b8c\u6574\u554a\uff0c\u96e3\u602a\u5e33\u865f\u660e\u660e\u5c31\u5b58\u5728\uff0c\u4f46\u662f ssh \u8ddf\u684c\u9762\u5c31\u662f\u4e0d\u7d66\u767b\u5165\uff0c\u56e0\u70ba OSX \u7684\u767b\u5165\u6709\u7528\u5230 kerberos \u554a\uff01 \u662f\u8aaa\u5f8c\u4f86\u5b8c\u6574\u4fee\u5fa9\u4e5f\u4e0d\u662f\u7528\u9019\u62db\uff0c\u56e0\u70ba\u4fee\u4fee\u6539\u6539\u5f04\u4e00\u5f04\u5c31\u70b8\u6389\u4e86\uff0c\u9084\u597d\u8a66\u4e4b\u524d\u6709\u5148\u5c01\u5b58 Open Directory \u4f3a\u670d\u5668\uff0c\u5c31\u653e\u5fc3\u7684\u6574\u500b\u780d\u6389 (\u9023 \/var\/db\/openldap \u90fd\u780d\u4e86) \u518d\u5f9e\u5c01\u5b58\u6a94\u56de\u5fa9\uff0c\u7d50\u679c\u9019\u6a23\u5c45\u7136\u5c31\u4e00\u5207\u6b63\u5e38\uff0c\u9023\u672c\u4f86\u4e0d\u5403\u7684&hellip; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[168,4584,4605,4287],"class_list":["post-2732","post","type-post","status-publish","format-standard","hentry","category-mac","tag-mac-os-x","tag-openldap","tag-server-app","tag-ssl"],"_links":{"self":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/comments?post=2732"}],"version-history":[{"count":1,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2732\/revisions"}],"predecessor-version":[{"id":2733,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2732\/revisions\/2733"}],"wp:attachment":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/media?parent=2732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/categories?post=2732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/tags?post=2732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}