NAME
authconfig: NCM component to manage system authentication services.
DESCRIPTION
The authconfig component manages the system authentication methods
on RedHat systems using the authconfig
command. In addition, it can
set additional operational parameters for LDAP authentication by
modifying the /etc/ldap.conf
(SL5) or the /etc/nslcd.conf
(SL6) files
directly. It will also enable/disable NSCD support on the client.
RESOURCES
-
/software/components/authconfig/safemode
When set to true, no actual configuration will change. Default: false.
-
/software/components/authconfig/usecache
Enable or disable nscd operation.
-
/software/components/authconfig/usemd5
Enable the use of MD5 hashed password.
-
/software/components/authconfig/useshadow
Enable the use of shadow password files.
-
/software/components/authconfig/method
Named list (nlist) of authentication methods to enable. Supported methods are: files, ldap, nis, krb5, smb, hesiod and afs. Note that "afs" is only supported on the CERN-modified version of authconfig. Also, "files" cannot be disabled.
-
/software/components/authconfig/method/{}/enable
Enable of disable this method. Unlisted methods are always disabled.
EXAMPLE
include pro_declaration_component_authconfig;
"/software/components/authconfig/active" = true;
"/software/components/authconfig/safemode" = false;
"/software/components/authconfig/usemd5" = true;
"/software/components/authconfig/useshadow" = true;
"/software/components/authconfig/usecache" = true;
"/software/components/authconfig/startstop" = true;
"/software/components/authconfig/method/files/enable" = true;
### "/software/components/authconfig/method/afs/enable" = true;
### "/software/components/authconfig/method/afs/cell" = "cern.ch";
"/software/components/authconfig/method/ldap/enable" = false;
"/software/components/authconfig/method/ldap/nssonly" = false;
"/software/components/authconfig/method/ldap/conffile" = "/etc/ldap.conf";
"/software/components/authconfig/method/ldap/servers" = list ( "tbn06.nikhef.nl" , "hooimijt.nikhef.nl" );
"/software/components/authconfig/method/ldap/basedn" = "dc=farmnet,dc=nikhef,dc=nl";
"/software/components/authconfig/method/ldap/tls/enable" = true;
"/software/components/authconfig/method/ldap/binddn" = "cn=proxyuser,dc=example,dc=com";
"/software/components/authconfig/method/ldap/bindpw" = "secret";
"/software/components/authconfig/method/ldap/rootbinddn" = "cn=manager,dc=example,dc=com";
"/software/components/authconfig/method/ldap/port" = 389;
"/software/components/authconfig/method/ldap/timeouts/idle" = 3600;
"/software/components/authconfig/method/ldap/timeouts/bind" = 30;
"/software/components/authconfig/method/ldap/timeouts/search" = 30;
"/software/components/authconfig/method/ldap/pam_filter" = "|(gid=1012)(gid=1013)";
"/software/components/authconfig/method/ldap/pam_login_attribute" = "uid";
"/software/components/authconfig/method/ldap/pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
"/software/components/authconfig/method/ldap/pam_member_attribute" = "uniquemember";
"/software/components/authconfig/method/ldap/tls/peercheck" = "yes";
### "/software/components/authconfig/method/ldap/tls/cacertfile" = undef;
### "/software/components/authconfig/method/ldap/tls/cacertdir" = undef;
### "/software/components/authconfig/method/ldap/tls/ciphers" = undef;
"/software/components/authconfig/method/ldap/nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
"/software/components/authconfig/method/ldap/nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
"/software/components/authconfig/method/ldap/bind_policy" = "soft";
"/software/components/authconfig/method/ldap/nss_map_objectclass/posixAccount" = "user";
"/software/components/authconfig/method/ldap/nss_map_objectclass/shadowAccount" = "user";
"/software/components/authconfig/method/ldap/nss_map_objectclass/posixGroup" = "group";
"/software/components/authconfig/method/ldap/nss_map_attribute/uid" = "sAMAccountName";
"/software/components/authconfig/method/ldap/nss_map_attribute/homeDirectory" = "unixHomeDirectory";
"/software/components/authconfig/method/ldap/nss_map_attribute/uniqueMember" = "member";
"/software/components/authconfig/method/ldap/pam_login_attribute" = "sAMAccountName";
"/software/components/authconfig/method/ldap/ssl" = "start_tls";
### "/software/components/authconfig/method/ldap/pam_min_uid" = "0"; ### NOT IMPLEMENTED #
### "/software/components/authconfig/method/ldap/pam_max_uid" = "0";### NOT IMPLEMENTED #
"/software/components/authconfig/method/nis/enable" = false;
"/software/components/authconfig/method/nis/domain" = "nikhef.nl";
"/software/components/authconfig/method/nis/servers" = list ( "ajax.nikhef.nl" );
"/software/components/authconfig/method/krb5/enable" = false;
"/software/components/authconfig/method/krb5/kdcs" = list ( "kdc.nikhef.nl" );
"/software/components/authconfig/method/krb5/adminserver" = list ( "krbadmin.nikhef.nl" );
"/software/components/authconfig/method/krb5/realm" = "NIKHEF.NL";
"/software/components/authconfig/method/smb/enable" = false;
"/software/components/authconfig/method/smb/workgroup" = "NIKHEF";
"/software/components/authconfig/method/smb/servers" = list ( "paling.nikhef.nl" );
"/software/components/authconfig/method/hesiod/enable" = false;
"/software/components/authconfig/method/hesiod/lhs" = "lefthanded";
"/software/components/authconfig/method/hesiod/rhs" = "righthanded";