在禁用通过authconfig重新启用tls之后，openldap会在客户端上运行身份validation

在我的docker openldap服务器和客户端容器上工作时遇到一个奇怪的问题。 要启用ldap身份validationtls我必须先通过authconfig禁用它，然后重新启用。 我也禁用了cachinglogin。 如果我不先禁用tls，只执行第二个命令，那么从sshlogin是不成功的

$ docker exec -t datanode1 bash -c 'authconfig --enableldap --enableldapauth --ldapserver="kerbldap.dkdocker.com" \ --ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update' $ ssh dhiren@localhost -p 2224 dhiren@localhost's password: Permission denied, please try again. dhiren@localhost's password: $ docker exec -t datanode1 bash -c 'authconfig --disableldaptls --update' $ docker exec -t datanode1 bash -c 'authconfig --enableldap --enableldapauth --ldapserver="kerbldap.dkdocker.com" \ --ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update' $ ssh dhiren@localhost -p 2224 dhiren@localhost's password: Creating home directory for dhiren. Last failed login: Thu Sep 21 19:31:42 IST 2017 from gateway on ssh:notty There were 4 failed login attempts since the last successful login. [dhiren@datanode1 ~]$ docker exec -t clientcontainer1 bash -c 'authconfig --disableldaptls --update' 

以下是我的authconfig – testing结果

 [root@datanode1 ~]# authconfig --test caching is disabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is enabled LDAP+TLS is enabled LDAP server = "ldap://kerbldap.dkdocker.com/" LDAP base DN = "dc=dkdocker,dc=com" nss_nis is disabled NIS server = "" NIS domain = "" nss_nisplus is disabled nss_winbind is disabled SMB workgroup = "SAMBA" SMB servers = "" SMB security = "user" SMB realm = "" Winbind template shell = "/bin/false" SMB idmap range = "16777216-33554431" nss_sss is enabled by default nss_wins is disabled nss_mdns4_minimal is disabled myhostname is enabled DNS preference over NSS or WINS is disabled pam_unix is always enabled shadow passwords are enabled password hashing algorithm is sha512 pam_krb5 is disabled krb5 realm = "DKDOCKER.COM" krb5 realm via dns is disabled krb5 kdc = "kerbldap.dkdocker.com" krb5 kdc via dns is disabled krb5 admin server = "kerbldap.dkdocker.com" pam_ldap is enabled LDAP+TLS is enabled LDAP server = "ldap://kerbldap.dkdocker.com/" LDAP base DN = "dc=dkdocker,dc=com" LDAP schema = "rfc2307" pam_pkcs11 is disabled SSSD smartcard support is disabled use only smartcard for login is disabled smartcard module = "" smartcard removal action = "" pam_fprintd is disabled pam_ecryptfs is disabled pam_winbind is disabled SMB workgroup = "SAMBA" SMB servers = "" SMB security = "user" SMB realm = "" pam_sss is enabled by default credential caching in SSSD is enabled SSSD use instead of legacy services if possible is enabled IPAv2 is disabled IPAv2 domain was not joined IPAv2 server = "" IPAv2 realm = "" IPAv2 domain = "" pam_pwquality is enabled (try_first_pass local_users_only retry=3 authtok_type=) pam_passwdqc is disabled () pam_access is disabled () pam_faillock is disabled (deny=4 unlock_time=1200) pam_mkhomedir or pam_oddjob_mkhomedir is enabled (umask=0077) Always authorize local users is enabled () --ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update' 

• Cron（和systemd）在docker的centos7中
• Arquillian Cube与RestEasy合作吗？

• 牧场主：NFS还是护航-nfs？
• 为什么从docker容器到其他实例/服务器的SSH太慢了
• 为什么在Ubuntu上安装docker应该是`sudo apt-get install docker.io`？
• 在Ubuntu切换文件系统覆盖不支持的Docker？
• Docker与Jar和Gradle在jenkins中执行
• debugging节点（> = 6.3）从docker集装箱
• 是否有可能在Docker中运行syslog并将其作为主机的syslog守护进程公开？
• Docker镜像> google / cadvisor：最新
• 在Grafana中为Docker容器构buildCPU使用情况图