AUTHCONFIG(8) AUTHCONFIG(8)
NAME
authconfig, authconfig-tui − an interface for configuring system authentication resources
SYNOPSIS
authconfig
[options] {--update|--updateall|--test|--probe|--restorebackup |--savebackup
|--restorelastbackup}
DESCRIPTION
authconfig
provides a simple method of configuring /etc/sysconfig/network to handle NIS, as well as
/etc/passwd and /etc/shadow, the files used for shadow
password support.
Basic LDAP,
Kerberos 5, and
Winbind client configuration is also provided.
If
--test
action is specified,
authconfig
can be run by users other then root, and any
configuration changes
are not saved
but printed instead.
If
--update
action is specified,
authconfig
must be run by root (or
through console helper), and configuration changes are saved. Only the files affected by the configuration
changes are overwritten. If
--updateall
action is specified,
authconfig
must be run by root (or through con-
sole helper), and all configuration files are written.
The
--probe
action instructs
authconfig
to use DNS
and other means to guess at configuration information for the current host, print its guesses if it finds them
to standard output, and exit.
The
--restorebackup
,
--savebackup
,
and
--restorelastbackup
actions provide a possibility to save and
later restore a backup of configuration files which authconfig modifies. Authconfig also saves
an
automatic
backup of configuration files before every configuration change. This special backup can be restored by the
--restorelastbackup
action.
If
--nostart
is specified (which is what the install program does), ypbind or other daemons will not be
started or stopped immediately following program execution, but only enabled to start or stop at boot time.
The
--enablenis
,
--enableldap
,
--enablewinbind
,
and
--enablehesiod
options are used to configure user
information services in
/etc/nsswitch.conf
,
the
--enablecache
option is used to configure naming services
caching, and the
--enableshadow
,
--enableldapauth
,
--enablekrb5
,
--enablewinbindauth
,
and
--enablesmbauth
options are used to configure authentication functions via
/etc/pam.d/system-auth
.
Each
--enable
has a matching
--disable
option that disables the service if it is already enabled. The respec-
tive services have parameters which configure their server names etc.
The algorithm used for storing new
password hashes can be specified by the
--passalgo
option which takes
one of the following possible values as a parameter:
descrypt
,
bigcrypt
,
md5
,
sha256
,
and
sha512
.
The
--enablelocauthorize
option allows to bypass checking network authentication services for authoriza-
tion and the
--enablesysnetauth
allows authentication of system accounts (with uid
vices.
When the configuration settings allow
use of
SSSD
for user information services and authentication,
SSSD
will be automatically used instead of the legacy services and the
SSSD
configuration will be set up so there
is a default domain populated with the settings required to connect the services. The
--enablesssd
and
--enablesssdauth
options force adding
SSSD
to
/etc/nsswitch.conf
and
/etc/pam.d/system-auth
,
but they
do not set up the domain in the
SSSD
configuration files. The
SSSD
configuration has to be set up manually.
The allowed configuration of services for
SSSD
are: LDAP for user information (
--enableldap
)
and either
LDAP (
--enableldapauth
), or Kerberos (
--enablekrb5
)
for authentication.
The list of options mentioned here in the manual page is not exhaustive,
please refer to
authconfig --help
for the complete list of the options.
The
authconfig-tui
supports all options of authconfig but it implies
--update
as the default action. Its win-
dow
contains a
Cancel
button by default. If
--back
option is specified at run time, a
Back
button is
Red Hat, Inc.
31 March 2010
1