ncm-authconfig: NCM component to manage system authentication services.


The authconfig component manages the system authentication methods on RedHat systems using the authconfig command. In addition, it can set additional operational parameters for LDAP authentication by modifying the /etc/ldap.conf (SL5), the /etc/nslcd.conf (SL6) or /etc/sssd/sssd.conf (EL6/7) files directly. It will also enable/disable NSCD support on the client.


include "components/authconfig/config";

prefix "/software/components/authconfig";
"active" = true;

"safemode" = false;

"usemd5" = true;
"useshadow" = true;
"usecache" = true;

prefix "/software/components/authconfig/method/files";
"enable" = true;

prefix "/software/components/authconfig/method/ldap";
"enable" = false;
"nssonly" = false;
"conffile" = "/etc/ldap.conf";
"servers" = list ("", "");
"basedn" = "dc=farmnet,dc=nikhef,dc=nl";
"tls/enable" = true;
"binddn" = "cn=proxyuser,dc=example,dc=com";
"bindpw" = "secret";
"rootbinddn" = "cn=manager,dc=example,dc=com";
"port" = 389;
"timeouts/idle" = 3600;
"timeouts/bind" = 30;
"timeouts/search" = 30;
"pam_filter" = "|(gid=1012)(gid=1013)";
"pam_login_attribute" = "uid";
"pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
"pam_member_attribute" = "uniquemember";
"tls/peercheck" = "yes";

"tls/cacertfile" = undef;
"tls/cacertdir" = undef;
"tls/ciphers" = undef;

"nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
"nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
"bind_policy" = "soft";
"nss_map_objectclass/posixAccount" = "user";
"nss_map_objectclass/shadowAccount" = "user";
"nss_map_objectclass/posixGroup" = "group";
"nss_map_attribute/uid" = "sAMAccountName";
"nss_map_attribute/homeDirectory" = "unixHomeDirectory";
"nss_map_attribute/uniqueMember" = "member";
"pam_login_attribute" = "sAMAccountName";
"ssl" = "start_tls";

"pam_min_uid" = "0"; # NOT IMPLEMENTED #
"pam_max_uid" = "0";# NOT IMPLEMENTED #

prefix "/software/components/authconfig/method/nis";
"enable" = false;
"domain" = "";
"servers" = list ( "" );

prefix "/software/components/authconfig/method/krb5";
"enable" = false;
"kdcs" = list ( "" );
"adminserver" = list ( "" );
"realm" = "NIKHEF.NL";

prefix "/software/components/authconfig/method/smb";
"enable" = false;
"workgroup" = "NIKHEF";
"servers" = list ( "" );

prefix "/software/components/authconfig/method/hesiod";
"enable" = false;
"lhs" = "lefthanded";
"rhs" = "righthanded";