NAME
ncm-authconfig
: NCM component to manage system authentication services.
DESCRIPTION
The authconfig component manages the system authentication methods
on RedHat systems using the authconfig
command. In addition, it can
set additional operational parameters for LDAP authentication by
modifying the /etc/ldap.conf
(SL5), the /etc/nslcd.conf
(SL6)
or /etc/sssd/sssd.conf
(EL6/7) files directly.
It will also enable/disable NSCD support on the client.
EXAMPLE
include "components/authconfig/config";
prefix "/software/components/authconfig";
"active" = true;
"safemode" = false;
"usemd5" = true;
"useshadow" = true;
"usecache" = true;
prefix "/software/components/authconfig/method/files";
"enable" = true;
prefix "/software/components/authconfig/method/ldap";
"enable" = false;
"nssonly" = false;
"conffile" = "/etc/ldap.conf";
"servers" = list ("tbn06.nikhef.nl", "hooimijt.nikhef.nl");
"basedn" = "dc=farmnet,dc=nikhef,dc=nl";
"tls/enable" = true;
"binddn" = "cn=proxyuser,dc=example,dc=com";
"bindpw" = "secret";
"rootbinddn" = "cn=manager,dc=example,dc=com";
"port" = 389;
"timeouts/idle" = 3600;
"timeouts/bind" = 30;
"timeouts/search" = 30;
"pam_filter" = "|(gid=1012)(gid=1013)";
"pam_login_attribute" = "uid";
"pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
"pam_member_attribute" = "uniquemember";
"tls/peercheck" = "yes";
"tls/cacertfile" = undef;
"tls/cacertdir" = undef;
"tls/ciphers" = undef;
"nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
"nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
"bind_policy" = "soft";
"nss_map_objectclass/posixAccount" = "user";
"nss_map_objectclass/shadowAccount" = "user";
"nss_map_objectclass/posixGroup" = "group";
"nss_map_attribute/uid" = "sAMAccountName";
"nss_map_attribute/homeDirectory" = "unixHomeDirectory";
"nss_map_attribute/uniqueMember" = "member";
"pam_login_attribute" = "sAMAccountName";
"ssl" = "start_tls";
"pam_min_uid" = "0"; # NOT IMPLEMENTED #
"pam_max_uid" = "0";# NOT IMPLEMENTED #
prefix "/software/components/authconfig/method/nis";
"enable" = false;
"domain" = "nikhef.nl";
"servers" = list ( "ajax.nikhef.nl" );
prefix "/software/components/authconfig/method/krb5";
"enable" = false;
"kdcs" = list ( "kdc.nikhef.nl" );
"adminserver" = list ( "krbadmin.nikhef.nl" );
"realm" = "NIKHEF.NL";
prefix "/software/components/authconfig/method/smb";
"enable" = false;
"workgroup" = "NIKHEF";
"servers" = list ( "paling.nikhef.nl" );
prefix "/software/components/authconfig/method/hesiod";
"enable" = false;
"lhs" = "lefthanded";
"rhs" = "righthanded";