1AUTHCONFIG(8) System Manager's Manual AUTHCONFIG(8)
2
6 authconfig, authconfig-tui - an interface for configuring system
7 authentication resources
8
10 authconfig
11 [--nostart]
12 [--enablecache] [--disablecache]
13 [--enablenis
14 [--nisdomain domain] [--nisserver namelist] ]
15 [--disablenis]
16 [--enableshadow] [--disableshadow]
17 [--enablemd5] [--disablemd5]
18 [--enableldap
19 [--enableldapauth] [--enableldaptls] [--ldapserver
20 namelist] [--ldapbasedn basedn]]
21 [--disableldap] [--disableldapauth]
22 [--enablekrb5
23 [ --krb5realm realm ] [--krb5kdc namelist]
24 [--krb5adminserver namelist] [--enablekrb5kdcdns]
25 [--disablekrb5kdcdns] [--enablekrb5realmdns] [--dis‐
26 ablekrb5realmdns] ]
27 [--disablekrb5]
28 [--enablehesiod
29 [--hesiodlhs lhs] [--hesiodrhs rhs] ] [--disablehesiod]
30 [--enablesmbauth
31 [--smbworkgroup workgroup] [--smbservers namelist]]
32 [--disablesmbauth]
33 [--enablewinbind
34 [--enablewinbindauth] [--smbsecurity
35 {user|server|domain|ads}] [--smbrealm realm]
36 [--smbidmapuid=range] [--smbidmapgid=range] [--win‐
37 bindseparator=\] [--winbindtemplateprimarygroup=group]
38 [--winbindtemplatehomedir=directory] [--winbindtem‐
39 plateshell=path] ]
40 [--disablewinbind] [--disablewinbindauth]
41 [--enablewinbindusedefaultdomain]
42 [--disablewinbindusedefaultdomain]
43 [--winbindjoin admin] [--enablewins] [--disablewins]
44 {--test|--update|--probe}
45
47 authconfig provides a simple method of configuring /etc/sysconfig/net‐
48 work to handle NIS, as well as /etc/passwd and /etc/shadow, the files
49 used for shadow password support. Basic LDAP, Kerberos 5, and SMB
50 (authentication) client configuration is also provided.
51 If --test action is specified, authconfig can be run by users other
53 then root, and any configuration changes are not saved but printed
54 instead. If --update action is specified, authconfig must be run by
55 root (or through console helper), and configuration changes are saved.
56 The --probe action instructs authconfig to use DNS and other means to
57 guess at configuration information for the current host, print its
58 guesses if it finds them to standard output, and exit.
59 If --nostart is specified (which is what the install program does),
61 ypbind or other daemons will not be started or stopped immediately fol‐
62 lowing program execution, but only enabled to start or stop at boot
63 time.
64 The --enablenis, --enableldap, --enablewinbind, and --enablehesiod
66 options are used to configure user information services in /etc/nss‐
67 witch.conf, the --enablecache option is used to configure naming ser‐
68 vices caching, and the --enableshadow, --enablemd5, --enableldapauth,
69 --enablekrb5, --enablewinbindauth, and --enablesmbauth options are used
70 to configure authentication functions via /etc/pam.d/system-auth. Each
71 --enable has a matching --disable option that disables the service if
72 it is already enabled. The respective services have parameters which
73 configure their server names etc.
74 The authconfig-tui supports all options of authconfig but it implies
76 --update as the default action. Its window contains a Cancel button by
77 default. If --back option is specified at run time, a Back button is
78 presented instead. If --kickstart is specified, no interactive screens
79 will be seen. The values the program will use will be those specified
80 by the other options (--enablemd5, --enableshadow, etc.).
81 For namelistyou may substitute either a single name or a comma-sepa‐
83 rated list of names.
84
86 The authconfig-tui is deprecated. No new configuration settings will be
87 supported by its text user interface. Use system-config-authentication
88 GUI application or the command line options instead.
89
92 authconfig returns 0 on success, 2 on error.
93 authconfig-tui returns 0 on success, 2 on error, and 1 if the user can‐
95 celled the program (by using either the Cancel or Back button).
96
99 /etc/sysconfig/authconfig
100 Used to track whether or not particular authentication
101 mechanisms are enabled. Currently includes variables
102 named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH, USESM‐
103 BAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS,
104 USELDAP.
105 /etc/passwd,
106 Used for shadow password support.
107 /etc/yp.conf
108 Configuration file for NIS support.
109 /etc/sysconfig/network
110 Another configuration file for NIS support.
111 /etc/ldap.conf
112 /etc/openldap/ldap.conf Used to configure LDAP (and
113 OpenLDAP, respectively).
114 /etc/krb5.conf
115 Used to configure Kerberos 5.
116 /etc/krb.conf
117 Used to configure Kerberos IV (write-only).
118 /etc/hesiod.conf
119 Used to configure Hesiod.
120 /etc/pam_smb.conf
121 Used to configure SMB authentication.
122 /etc/samba/smb.conf
123 Used to configure winbind authentication.
124 /etc/nsswitch.conf
125 Used to configure user information services.
126 /etc/pam.d/system-auth
127 Common PAM configuration for system services which
128 include it using the include directive. It is created as
129 symlink and not relinked if it points to another file.
130 /etc/pam.d/system-auth-ac
131 Contains the actual PAM configuration for system services
132 and is the default target of the /etc/pam.d/system-auth
133 symlink. If a local configuration of PAM is created (and
134 symlinked from system-auth file) this file can be
135 included there.
136
139 passwd(5), shadow(5), pwconv(1), domainname(1), ypbind(8), nss‐
140 witch.conf(5), smb.conf(5)
141
144 Nalin Dahyabhai <nalin@redhat.com>, Preston Brown <pbrown@redhat.com>,
145 Matt Wilson <msw@redhat.com>, Tomas Mraz <tmraz@redhat.com>
1464th Berkeley Distribution 5 December 2005 AUTHCONFIG(8)