...

Install MySQL and perform the initial configuration.
Run the following commands to enable mysqld at boot and to set the MySQL root password.

# yum install mysql mysql-server
# chkconfig mysqld on ← enable automatic start at boot
# chkconfig --list mysqld
mysqld             0:off    1:off    2:on    3:on    4:on    5:on    6:off ← confirm that 3, 4 and 5 are on
# /etc/init.d/mysqld start
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): ← just press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] ← set the root password
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] ← just press Enter
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] ← just press Enter
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] ← just press Enter
- Dropping test database...

... Success!

- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] ← just press Enter
... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

...

In addition, create a new database user for accessing the shibpid table.

mysql> CREATE USER 'database user name'@'localhost' IDENTIFIED BY 'database password';
mysql> GRANT ALL PRIVILEGES ON shibpid.* TO 'database user name'@'localhost';
mysql> FLUSH PRIVILEGES;
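
The following is an added example, not part of the original procedure: queries that confirm what mysql_secure_installation changed and what the new account is allowed to do, followed by a narrower grant than ALL PRIVILEGES. The account name `idp_user` is a constructed placeholder, and the assumptions about the MySQL version and about the privileges the stored-ID connector needs are marked in the comments.

```sql
-- Added example, not from the original page. Run in the mysql client as root.
-- 'idp_user' is a constructed placeholder for the database user created above.

-- 1. Anonymous accounts (removed by "Remove anonymous users?"). Expect: empty set.
SELECT User, Host FROM mysql.user WHERE User = '';

-- 2. root reachable from a non-loopback host (removed by "Disallow root login
--    remotely?"). Expect: empty set.
SELECT User, Host FROM mysql.user
 WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Accounts with an empty password. Expect: empty set.
--    Assumption: a MySQL release that still has the mysql.user.Password column
--    (5.6 and earlier); 5.7 and later store the hash in authentication_string.
SELECT User, Host FROM mysql.user WHERE Password = '';

-- 4. The 'test' database and the wildcard privileges on it (removed by
--    "Remove test database and access to it?"). Expect: empty set for both.
SHOW DATABASES LIKE 'test';
SELECT Db, User, Host FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%';

-- 5. The IdP account should exist for 'localhost' only. Expect: one row.
SELECT User, Host FROM mysql.user WHERE User = 'idp_user';

-- 6. Current privileges of the IdP account.
SHOW GRANTS FOR 'idp_user'@'localhost';

-- 7. Optional narrowing (assumption: the stored-ID connector only reads and
--    writes rows and never changes the schema at run time).
REVOKE ALL PRIVILEGES ON shibpid.* FROM 'idp_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON shibpid.* TO 'idp_user'@'localhost';
SHOW GRANTS FOR 'idp_user'@'localhost';
```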

...

5. Edit /opt/shibboleth-idp/conf/global.xml

Define the bean MyDataSource in /opt/shibboleth-idp/conf/global.xml.

    <!-- Use this file to define any custom beans needed globally. -->
    <bean id="MyDataSource"
          class="org.apache.tomcat.dbcp.dbcp.BasicDataSource"
          p:driverClassName="com.mysql.jdbc.Driver"
          p:url="jdbc:mysql://localhost:3306/database name"
          p:username="database user name"
          p:password="database password"
          p:maxActive="10"
          p:maxIdle="5"
          p:maxWait="15000"
          p:testOnBorrow="true"
          p:validationQuery="select 1"
          p:validationQueryTimeout="5" />

    <!--
Algorithm whitelists and blacklists that override or merge with library defaults. Normally you can leave
these empty or commented and use the system defaults, but you can override those defaults using these lists.
Each <value> element is an algorithm URI, or you can use <util:constant> elements in place of literal values.
-->

...

(omitted)
    <!-- Attribute Definition for eduPersonTargetedID (computedID) -->
    <!--
    <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" encodeType="false" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" encodeType="false" />
    </resolver:AttributeDefinition>
    --> ← comment out
    <!-- Pseudo Attribute Definition for %{idp.persistentId.sourceAttribute} -->
    <!--
        Uncomment this if there is an attribute named %{idp.persistentId.sourceAttribute}
        only on LDAP and you don't already have an Attribute Definition for it.
    -->
    <!--
    <resolver:AttributeDefinition id="%{idp.persistentId.sourceAttribute}" xsi:type="ad:Simple" sourceAttributeID="%{idp.persistentId.sourceAttribute}">
        <resolver:Dependency ref="myLDAP" />
    </resolver:AttributeDefinition>
    --> ← comment out
    <!-- Computed targeted ID connector -->
    <!--
    <resolver:DataConnector id="computedID" xsi:type="dc:ComputedId"
                            generatedAttributeID="computedID"
                            sourceAttributeID="%{idp.persistentId.sourceAttribute}"
                            salt="%{idp.persistentId.salt}">
        <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}" />
    </resolver:DataConnector>
    --> ← comment out

    <!-- Attribute Definition for eduPersonTargetedID (storedID) -->
    <!-- --> ← uncomment
    <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="storedID">
        <resolver:Dependency ref="storedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" encodeType="false" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" encodeType="false" />
    </resolver:AttributeDefinition>
    <!-- --> ← uncomment
    <!-- Pseudo Attribute Definition for %{idp.persistentId.sourceAttribute} -->
    <!--
        Uncomment this if there is an attribute named %{idp.persistentId.sourceAttribute}
        only on LDAP and you don't already have an Attribute Definition for it.
    -->
    <!-- --> ← uncomment (only when the attribute specified by idp.persistentId.sourceAttribute is defined only in LDAP and attribute-resolver.xml has no corresponding resolver:AttributeDefinition)
    <resolver:AttributeDefinition id="%{idp.persistentId.sourceAttribute}" xsi:type="ad:Simple" sourceAttributeID="%{idp.persistentId.sourceAttribute}">
        <resolver:Dependency ref="myLDAP" />
    </resolver:AttributeDefinition>
    <!-- --> ← uncomment (only when the attribute specified by idp.persistentId.sourceAttribute is defined only in LDAP and attribute-resolver.xml has no corresponding resolver:AttributeDefinition)
    <!-- Stored targeted ID connector -->
(omitted)

    <!-- --> ← uncomment
    <resolver:DataConnector id="storedID" xsi:type="dc:StoredId"
                            generatedAttributeID="storedID"
                            sourceAttributeID="%{idp.persistentId.sourceAttribute}"
                            salt="%{idp.persistentId.salt}">
        <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}" />
        <dc:BeanManagedConnection>MyDataSource</dc:BeanManagedConnection>
    </resolver:DataConnector>
    <!-- --> ← uncomment


...