AUTHCONFIG(8)AUTHCONFIG(8)NAME
authconfig, authconfig-tui - an interface for configuring system
authentication resources
SYNOPSISauthconfig
[--nostart]
[--enablecache] [--disablecache]
[--enablenis
[--nisdomain domain] [--nisserver namelist] ]
[--disablenis]
[--enableshadow] [--disableshadow]
[--enablemd5] [--disablemd5]
[--enableldap
[--enableldapauth] [--enableldaptls] [--ldapserver
namelist] [--ldapbasedn basedn]]
[--disableldap] [--disableldapauth]
[--enablekrb5
[ --krb5realm realm ] [--krb5kdc namelist]
[--krb5adminserver namelist] [--enablekrb5kdcdns]
[--disablekrb5kdcdns] [--enablekrb5realmdns] [--dis‐
ablekrb5realmdns] ]
[--disablekrb5]
[--enablehesiod
[--hesiodlhs lhs] [--hesiodrhs rhs] ] [--disablehesiod]
[--enablesmbauth
[--smbworkgroup workgroup] [--smbservers namelist]]
[--disablesmbauth]
[--enablewinbind
[--enablewinbindauth] [--smbsecurity
{user|server|domain|ads}] [--smbrealm realm]
[--smbidmapuid=range] [--smbidmapgid=range] [--win‐
bindseparator=\] [--winbindtemplateprimarygroup=group]
[--winbindtemplatehomedir=directory] [--winbindtem‐
plateshell=path] ]
[--disablewinbind] [--disablewinbindauth]
[--enablewinbindusedefaultdomain]
[--disablewinbindusedefaultdomain]
[--winbindjoin admin] [--enablewins] [--disablewins]
{--test|--update|--probe}
DESCRIPTIONauthconfig provides a simple method of configuring /etc/sysconfig/net‐
work to handle NIS, as well as /etc/passwd and /etc/shadow, the files
used for shadow password support. Basic LDAP, Kerberos 5, and SMB
(authentication) client configuration is also provided.
If --test action is specified, authconfig can be run by users other
then root, and any configuration changes are not saved but printed
instead. If --update action is specified, authconfig must be run by
root (or through console helper), and configuration changes are saved.
The --probe action instructs authconfig to use DNS and other means to
guess at configuration information for the current host, print its
guesses if it finds them to standard output, and exit.
If --nostart is specified (which is what the install program does),
ypbind or other daemons will not be started or stopped immediately fol‐
lowing program execution, but only enabled to start or stop at boot
time.
The --enablenis, --enableldap, --enablewinbind, and --enablehesiod
options are used to configure user information services in /etc/nss‐
witch.conf, the --enablecache option is used to configure naming ser‐
vices caching, and the --enableshadow, --enablemd5, --enableldapauth,
--enablekrb5, --enablewinbindauth, and --enablesmbauth options are used
to configure authentication functions via /etc/pam.d/system-auth. Each
--enable has a matching --disable option that disables the service if
it is already enabled. The respective services have parameters which
configure their server names etc.
The algorithm used for storing new password hashes can be specified by
the --passalgo option which takes one of the following possible values
as a parameter: descrypt, bigcrypt, md5, sha256, and sha512.
The --enablelocauthorize option allows to bypass checking network
authentication services for authorization and the --enablesysnetauth
allows authentication of system accounts (with uid < 500) by these ser‐
vices.
The list of options mentioned here in the manual page is not exhaus‐
tive, please refer to authconfig--help for the complete list of the
options.
The authconfig-tui supports all options of authconfig but it implies
--update as the default action. Its window contains a Cancel button by
default. If --back option is specified at run time, a Back button is
presented instead. If --kickstart is specified, no interactive screens
will be seen. The values the program will use will be those specified
by the other options (--passalgo, --enableshadow, etc.).
For namelistyou may substitute either a single name or a comma-sepa‐
rated list of names.
NOTES
The authconfig-tui is deprecated. No new configuration settings will be
supported by its text user interface. Use system-config-authentication
GUI application or the command line options instead.
RETURN CODESauthconfig returns 0 on success, 2 on error.
authconfig-tui returns 0 on success, 2 on error, and 1 if the user can‐
celled the program (by using either the Cancel or Back button).
FILES
/etc/sysconfig/authconfig
Used to track whether or not particular authentication
mechanisms are enabled. Currently includes variables
named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH, USESM‐
BAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS,
USELDAP, and others.
/etc/passwd,
Used for shadow password support.
/etc/yp.conf
Configuration file for NIS support.
/etc/sysconfig/network
Another configuration file for NIS support.
/etc/ldap.conf
/etc/openldap/ldap.conf Used to configure LDAP (and
OpenLDAP, respectively).
/etc/krb5.conf
Used to configure Kerberos 5.
/etc/krb.conf
Used to configure Kerberos IV (write-only).
/etc/hesiod.conf
Used to configure Hesiod.
/etc/pam_smb.conf
Used to configure SMB authentication.
/etc/samba/smb.conf
Used to configure winbind authentication.
/etc/nsswitch.conf
Used to configure user information services.
/etc/pam.d/system-auth
Common PAM configuration for system services which
include it using the include directive. It is created as
symlink and not relinked if it points to another file.
/etc/pam.d/system-auth-ac
Contains the actual PAM configuration for system services
and is the default target of the /etc/pam.d/system-auth
symlink. If a local configuration of PAM is created (and
symlinked from system-auth file) this file can be
included there.
SEE ALSOpasswd(5), shadow(5), pwconv(1), domainname(1), ypbind(8), nss‐
witch.conf(5), smb.conf(5)AUTHORS
Nalin Dahyabhai <nalin@redhat.com>, Preston Brown <pbrown@redhat.com>,
Matt Wilson <msw@redhat.com>, Tomas Mraz <tmraz@redhat.com>
4th Berkeley Distribution 5 December 2005 AUTHCONFIG(8)