1AUTOFS_LDAP_AUTH.CONF(5) File Formats Manual AUTOFS_LDAP_AUTH.CONF(5)
2
6 autofs_ldap_auth.conf - autofs LDAP authentication configuration
7
9 LDAP authenticated binds, TLS encrypted connections and certification
10 may be used by setting appropriate values in the autofs authentication
11 configuration file and configuring the LDAP client with appropriate
12 settings. The default location of this file is
13 /etc/autofs_ldap_auth.conf. If this file exists it will be used to es‐
14 tablish whether TLS or authentication should be used.
15 An example of this file is:
17 <?xml version="1.0" ?>
19 <autofs_ldap_sasl_conf
20 usetls="yes"
21 tlsrequired="no"
22 authrequired="no"
23 authtype="DIGEST-MD5"
24 user="xyz"
25 secret="abc"
26 />
27 If TLS encryption is to be used the location of the Certificate Author‐
29 ity certificate must be set within the LDAP client configuration in or‐
30 der to validate the server certificate. If, in addition, a certified
31 connection is to be used then the client certificate and private key
32 file locations must also be configured within the LDAP client.
33
35 This files contains a single XML element, as shown in the example
36 above, with several attributes.
37 The possible attributes are:
39 usetls="yes"|"no"
41 Determines whether an encrypted connection to the ldap server
42 should be attempted.
43 tlsrequired="yes"|"no"
45 This flag tells whether the ldap connection must be encrypted.
46 If set to "yes", the automounter will fail to start if an en‐
47 crypted connection cannot be established.
48 authrequired="yes"|"no"|"autodetect"|"simple"
50 This option tells whether an authenticated connection to the
51 ldap server is required in order to perform ldap queries. If the
52 flag is set to yes, only sasl authenticated connections will be
53 allowed. If it is set to no then authentication is not needed
54 for ldap server connections. If it is set to autodetect then the
55 ldap server will be queried to establish a suitable sasl authen‐
56 tication mechanism. If no suitable mechanism can be found, con‐
57 nections to the ldap server are made without authentication. Fi‐
58 nally, if it is set to simple, then simple authentication will
59 be used instead of SASL.
60 authtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5"
62 This attribute can be used to specify a preferred authentication
63 mechanism.
64 In normal operations, the automounter will attempt to authenti‐
65 cate to the ldap server using the list of supportedSASLmecha‐
66 nisms obtained from the directory server. Explicitly setting
67 the authtype will bypass this selection and only try the mecha‐
68 nism specified.
69 user="<username>"
71 This attribute holds the authentication identity used by authen‐
72 tication mechanisms that require it. Legal values for this at‐
73 tribute include any printable characters that can be used by the
74 selected authentication mechanism.
75 secret="<password>"
77 This attribute holds the secret used by authentication mecha‐
78 nisms that require it. Legal values for this attribute include
79 any printable characters that can be used by the selected au‐
80 thentication mechanism.
81 clientprinc="<GSSAPI client principal>"
83 When using GSSAPI authentication, this attribute is consulted to
84 determine the principal name to use when authenticating to the
85 directory server. By default, this will be set to "autof‐
86 sclient/<fqdn>@<REALM>.
87 credentialcache="<external credential cache path>"
89 When using GSSAPI authentication, this attribute can be used to
90 specify an externally configured credential cache that is used
91 during authentication. By default, autofs will setup a memory
92 based credential cache.
93
95 auto.master(5),
96
98 This manual page was written by Ian Kent <raven@themaw.net>.
99 19 Feb 2010 AUTOFS_LDAP_AUTH.CONF(5)