authconfig - Unix, Linux Command
NAME
authconfig, authconfig-tui - an interface for configuring system authentication resources
SYNOPSIS
authconfig
[--nostart]
[--enablecache] [--disablecache]
[--enablenis
[--nisdomain
domain] [--nisserver
namelist] ]
[--disablenis]
[--enableshadow] [--disableshadow]
[--enablemd5] [--disablemd5]
[--enableldap
[--enableldapauth] [--enableldaptls]
[--ldapserver
namelist] [--ldapbasedn
basedn]]
[--disableldap] [--disableldapauth]
[--enablekrb5
[ --krb5realm
realm ] [--krb5kdc
namelist]
[--krb5adminserver
namelist] [--enablekrb5kdcdns]
[--disablekrb5kdcdns] [--enablekrb5realmdns] [--disablekrb5realmdns] ]
[--disablekrb5]
[--enablehesiod
[--hesiodlhs
lhs] [--hesiodrhs
rhs] ]
[--disablehesiod]
[--enablesmbauth
[--smbworkgroup
workgroup]
[--smbservers
namelist]]
[--disablesmbauth]
[--enablewinbind
[--enablewinbindauth] [--smbsecurity {user|server|domain|ads}]
[--smbrealm
realm]
[--smbidmapuid=
range] [--smbidmapgid=
range]
[--winbindseparator=
\]
[--winbindtemplateprimarygroup=
group]
[--winbindtemplatehomedir=
directory]
[--winbindtemplateshell=
path] ]
[--disablewinbind] [--disablewinbindauth]
[--enablewinbindusedefaultdomain]
[--disablewinbindusedefaultdomain]
[--winbindjoin
admin] [--enablewins] [--disablewins]
{--test|--update|--probe}
DESCRIPTION
authconfig provides a simple method of configuring
/etc/sysconfig/network to handle NIS, as well as /etc/passwd and
/etc/shadow, the files used for shadow password support. Basic LDAP,
Kerberos 5, and SMB (authentication) client configuration is also provided.
If --test action is specified, authconfig can be run by
users other then root, and any configuration changes are not saved but printed
instead.
If --update action is specified, authconfig must be run by
root (or through console helper), and configuration changes are saved.
The --probe action instructs authconfig to use DNS and other means
to guess at configuration information for the current host, print its guesses
if it finds them to standard output, and exit.
If --nostart is specified (which is what the install program does),
ypbind or other daemons will not be started or stopped immediately following
program execution, but only enabled to start or stop at boot time.
The --enablenis, --enableldap, --enablewinbind,
and --enablehesiod options
are used to configure user information services in /etc/nsswitch.conf,
the --enablecache option is used to configure naming services caching,
and the --enableshadow, --enablemd5, --enableldapauth,
--enablekrb5, --enablewinbindauth,
and --enablesmbauth options are used to configure
authentication functions via /etc/pam.d/system-auth. Each
--enable has a matching --disable option that disables the service
if it is already enabled. The respective services have parameters which configure
their server names etc.
The algorithm used for storing new password hashes can be specified by
the --passalgo option which takes one of the following possible values as
a parameter: descrypt, bigcrypt, md5, sha256, and
sha512.
The --enablelocauthorize option allows to bypass checking network
authentication services for authorization and the --enablesysnetauth
allows authentication of system accounts (with uid < 500) by these services.
The list of options mentioned here in the manual page is not exhaustive, please
refer to authconfig --help for the complete list of the options.
The authconfig-tui supports all options of authconfig but it implies
--update as the default action. Its window contains a Cancel
button by default. If --back option is specified at run time, a Back
button is presented instead. If --kickstart is specified, no interactive
screens will be seen. The values the program will use will be those specified by
the other options (--passalgo, --enableshadow, etc.).
For namelist you may substitute either a single name or a
comma-separated list of names.
NOTES
The authconfig-tui is deprecated. No new configuration settings will be
supported by its text user interface. Use system-config-authentication GUI
application or the command line options instead.
RETURN CODES
authconfig returns 0 on success, 2 on error.
authconfig-tui returns 0 on success, 2 on error, and 1 if the user cancelled
the program (by using either the Cancel or Back button).
FILES
| Tag | Description |
|---|
|
|
|
/etc/sysconfig/authconfig
|
| |
Used to track whether or not particular authentication mechanisms are enabled.
Currently includes variables named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH,
USESMBAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS, USELDAP, and others.
|
|
/etc/passwd,
|
| |
Used for shadow password support.
|
|
/etc/yp.conf
|
| |
Configuration file for NIS support.
|
|
/etc/sysconfig/network
|
| |
Another configuration file for NIS support.
|
|
/etc/ldap.conf
|
| |
/etc/openldap/ldap.conf
Used to configure LDAP (and OpenLDAP, respectively).
|
|
/etc/krb5.conf
|
| |
Used to configure Kerberos 5.
|
|
/etc/krb.conf
|
| |
Used to configure Kerberos IV (write-only).
|
|
/etc/hesiod.conf
|
| |
Used to configure Hesiod.
|
|
/etc/pam_smb.conf
|
| |
Used to configure SMB authentication.
|
|
/etc/samba/smb.conf
|
| |
Used to configure winbind authentication.
|
|
/etc/nsswitch.conf
|
| |
Used to configure user information services.
|
|
/etc/pam.d/system-auth
|
| |
Common PAM configuration for system services which include it using the
include directive. It is created as symlink and not relinked if
it points to another file.
|
|
/etc/pam.d/system-auth-ac
|
| |
Contains the actual PAM configuration for system services and is the
default target of the /etc/pam.d/system-auth symlink. If a local configuration
of PAM is created (and symlinked from system-auth file) this file can be included
there.
|
SEE ALSO
nsswitch.conf(5),
smb.conf(5)
AUTHORS
|
