NCM::Component::authconfig¶
NAME¶
ncm-authconfig
: NCM component to manage system authentication services.
DESCRIPTION¶
The authconfig component manages the system authentication methods
on RedHat systems using the authconfig
command. In addition, it can
set additional operational parameters for LDAP authentication by
modifying the /etc/ldap.conf
(SL5), the /etc/nslcd.conf
(SL6)
or /etc/sssd/sssd.conf
(EL6/7) files directly.
It will also enable/disable NSCD support on the client.
EXAMPLE¶
include "components/authconfig/config";
prefix "/software/components/authconfig";
"active" = true;
"safemode" = false;
"usemd5" = true;
"useshadow" = true;
"usecache" = true;
prefix "/software/components/authconfig/method/files";
"enable" = true;
prefix "/software/components/authconfig/method/ldap";
"enable" = false;
"nssonly" = false;
"conffile" = "/etc/ldap.conf";
"servers" = list ("tbn06.nikhef.nl", "hooimijt.nikhef.nl");
"basedn" = "dc=farmnet,dc=nikhef,dc=nl";
"tls/enable" = true;
"binddn" = "cn=proxyuser,dc=example,dc=com";
"bindpw" = "secret";
"rootbinddn" = "cn=manager,dc=example,dc=com";
"port" = 389;
"timeouts/idle" = 3600;
"timeouts/bind" = 30;
"timeouts/search" = 30;
"pam_filter" = "|(gid=1012)(gid=1013)";
"pam_login_attribute" = "uid";
"pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
"pam_member_attribute" = "uniquemember";
"tls/peercheck" = "yes";
"tls/cacertfile" = undef;
"tls/cacertdir" = undef;
"tls/ciphers" = undef;
"nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
"nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
"bind_policy" = "soft";
"nss_map_objectclass/posixAccount" = "user";
"nss_map_objectclass/shadowAccount" = "user";
"nss_map_objectclass/posixGroup" = "group";
"nss_map_attribute/uid" = "sAMAccountName";
"nss_map_attribute/homeDirectory" = "unixHomeDirectory";
"nss_map_attribute/uniqueMember" = "member";
"pam_login_attribute" = "sAMAccountName";
"ssl" = "start_tls";
"pam_min_uid" = "0"; # NOT IMPLEMENTED #
"pam_max_uid" = "0";# NOT IMPLEMENTED #
prefix "/software/components/authconfig/method/nis";
"enable" = false;
"domain" = "nikhef.nl";
"servers" = list ( "ajax.nikhef.nl" );
prefix "/software/components/authconfig/method/krb5";
"enable" = false;
"kdcs" = list ( "kdc.nikhef.nl" );
"adminserver" = list ( "krbadmin.nikhef.nl" );
"realm" = "NIKHEF.NL";
prefix "/software/components/authconfig/method/smb";
"enable" = false;
"workgroup" = "NIKHEF";
"servers" = list ( "paling.nikhef.nl" );
prefix "/software/components/authconfig/method/hesiod";
"enable" = false;
"lhs" = "lefthanded";
"rhs" = "righthanded";