NAME

authconfig: NCM component to manage system authentication services

DESCRIPTION

The authconfig component manages the system authentication methods on Red Hat systems using the "authconfig" command. In addition, it can set further operational parameters for LDAP authentication by modifying the /etc/ldap.conf (SL5) or the /etc/nslcd.conf (SL6) files directly. It will also enable/disable NSCD support on the client.

RESOURCES

/software/components/authconfig/safemode

When set to true, no actual configuration will change. Default: false.

/software/components/authconfig/usecache

Enable or disable nscd operation

/software/components/authconfig/usemd5

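Enable the use of MD5-hashed passwords. MD5-based password hashing is weak by current standards; check what the installed authconfig falls back to before disabling it, since on old releases the alternative may be the even weaker DES crypt.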

/software/components/authconfig/useshadow

Enable the use of shadow password files

/software/components/authconfig/method

Named list (nlist) of authentication methods to enable. Supported methods are: files, ldap, nis, krb5, smb, hesiod and afs. Note that "afs" is only supported on the CERN-modified version of authconfig. Also, "files" cannot be disabled.

/software/components/authconfig/method/{}/enable

Enable or disable this method. Unlisted methods are always disabled.

SEE ALSO

https://twiki.cern.ch/twiki/bin/view/ELFms/ELFmsZuul

EXAMPLE

# Example Pan template for the authconfig component. Every path below sits
# under /software/components/authconfig. Host names, DNs and the bind password
# are sample values; replace them with site-specific ones.
include  pro_declaration_component_authconfig;

# NOTE(review): "active" (and "startstop" further down) are not described in
# the RESOURCES section; presumably "active" switches the component on.
# Confirm against the component schema.
"/software/components/authconfig/active" = true;

# false: changes are really applied. true: no actual configuration change.
"/software/components/authconfig/safemode" = false;

# Local password handling: MD5-hashed passwords, shadow password files, nscd on.
# MD5-based password hashing is weak by current standards; before turning
# usemd5 off, check what the installed authconfig falls back to (on old
# releases this may be DES crypt, which is weaker still).
"/software/components/authconfig/usemd5" = true;
"/software/components/authconfig/useshadow" = true;
"/software/components/authconfig/usecache" = true;
"/software/components/authconfig/startstop" = true;

# "files" cannot be disabled; every method not listed is treated as disabled.
"/software/components/authconfig/method/files/enable" = true;

# "afs" is only supported on the CERN-modified version of authconfig.
###  "/software/components/authconfig/method/afs/enable" = true;
###  "/software/components/authconfig/method/afs/cell" = "cern.ch";

# LDAP: disabled in this example; the remaining keys show the available
# parameters. conffile is the file the component edits directly
# (/etc/ldap.conf on SL5, /etc/nslcd.conf on SL6).
"/software/components/authconfig/method/ldap/enable" = false;
"/software/components/authconfig/method/ldap/nssonly" = false;
"/software/components/authconfig/method/ldap/conffile" = "/etc/ldap.conf";
"/software/components/authconfig/method/ldap/servers" = list ( "tbn06.nikhef.nl" , "hooimijt.nikhef.nl" );
"/software/components/authconfig/method/ldap/basedn" = "dc=farmnet,dc=nikhef,dc=nl";
"/software/components/authconfig/method/ldap/tls/enable" = true;
# binddn/bindpw: account used to bind to the directory. "secret" is a
# placeholder. The password is held in clear text in this template and in the
# compiled profile, and presumably ends up in conffile as well, so use a
# dedicated low-privilege bind account and restrict read access to the
# template, the profile and the generated file.
"/software/components/authconfig/method/ldap/binddn" = "cn=proxyuser,dc=example,dc=com";
"/software/components/authconfig/method/ldap/bindpw" = "secret";
# NOTE(review): no password is set for rootbinddn here; nss_ldap normally
# reads it from a root-only file. Verify how the component handles this.
"/software/components/authconfig/method/ldap/rootbinddn" = "cn=manager,dc=example,dc=com";
# Port 389 is the plain LDAP port; protection of the bind password in transit
# then depends on StartTLS (see "ssl" below) succeeding.
"/software/components/authconfig/method/ldap/port" = 389;
# NOTE(review): timeout units are not stated on this page; presumably seconds.
"/software/components/authconfig/method/ldap/timeouts/idle" = 3600;
"/software/components/authconfig/method/ldap/timeouts/bind" = 30;
"/software/components/authconfig/method/ldap/timeouts/search" = 30;
# pam_filter is an LDAP filter; this one matches entries with gid 1012 or 1013.
# pam_groupdn/pam_member_attribute presumably restrict login to members of the
# named group. Check both after any directory schema change, because a filter
# that no longer matches either locks users out or stops restricting them.
"/software/components/authconfig/method/ldap/pam_filter" = "|(gid=1012)(gid=1013)";
"/software/components/authconfig/method/ldap/pam_login_attribute" = "uid";
"/software/components/authconfig/method/ldap/pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
"/software/components/authconfig/method/ldap/pam_member_attribute" = "uniquemember";
# peercheck "yes" presumably turns on verification of the server certificate.
# Keep it on: without it TLS gives no protection against a spoofed server.
"/software/components/authconfig/method/ldap/tls/peercheck" = "yes";

# Optional TLS settings, left unset here. With peercheck enabled, a CA
# certificate file or directory is normally needed as the trust anchor.
###  "/software/components/authconfig/method/ldap/tls/cacertfile" = undef;
###  "/software/components/authconfig/method/ldap/tls/cacertdir" = undef;
###  "/software/components/authconfig/method/ldap/tls/ciphers" = undef;

# Alternative NSS search bases and object/attribute mappings. The attribute
# names (sAMAccountName, unixHomeDirectory) suggest an Active Directory
# backend. This block uses a different base DN than "basedn" above, so it
# reads as a second, independent example rather than part of the same setup.
"/software/components/authconfig/method/ldap/nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
"/software/components/authconfig/method/ldap/nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
"/software/components/authconfig/method/ldap/bind_policy" = "soft";
"/software/components/authconfig/method/ldap/nss_map_objectclass/posixAccount" = "user";
"/software/components/authconfig/method/ldap/nss_map_objectclass/shadowAccount" = "user";
"/software/components/authconfig/method/ldap/nss_map_objectclass/posixGroup" = "group";
"/software/components/authconfig/method/ldap/nss_map_attribute/uid" = "sAMAccountName";
"/software/components/authconfig/method/ldap/nss_map_attribute/homeDirectory" = "unixHomeDirectory";
"/software/components/authconfig/method/ldap/nss_map_attribute/uniqueMember" = "member";
# NOTE(review): pam_login_attribute was already assigned "uid" above; this
# second assignment to the same path presumably replaces it. Keep only the
# one that matches the directory in use.
"/software/components/authconfig/method/ldap/pam_login_attribute" = "sAMAccountName";
# StartTLS: the connection is upgraded to TLS on the standard LDAP port.
"/software/components/authconfig/method/ldap/ssl" = "start_tls";

###  "/software/components/authconfig/method/ldap/pam_min_uid" = "0"; ### NOT IMPLEMENTED #
###  "/software/components/authconfig/method/ldap/pam_max_uid" = "0";### NOT IMPLEMENTED #

# NIS: disabled; domain and servers are shown for illustration only.
"/software/components/authconfig/method/nis/enable" = false;
"/software/components/authconfig/method/nis/domain" = "nikhef.nl";
"/software/components/authconfig/method/nis/servers" = list ( "ajax.nikhef.nl" );

# Kerberos 5: disabled; KDCs, admin server and realm are sample values.
"/software/components/authconfig/method/krb5/enable" = false;
"/software/components/authconfig/method/krb5/kdcs" = list ( "kdc.nikhef.nl" );
"/software/components/authconfig/method/krb5/adminserver" = list ( "krbadmin.nikhef.nl" );
"/software/components/authconfig/method/krb5/realm" = "NIKHEF.NL";

# SMB: disabled; workgroup and servers are sample values.
"/software/components/authconfig/method/smb/enable" = false;
"/software/components/authconfig/method/smb/workgroup" = "NIKHEF";
"/software/components/authconfig/method/smb/servers" = list ( "paling.nikhef.nl" );

# Hesiod: disabled; lhs and rhs are sample values.
"/software/components/authconfig/method/hesiod/enable" = false;
"/software/components/authconfig/method/hesiod/lhs" = "lefthanded";
"/software/components/authconfig/method/hesiod/rhs" = "righthanded";