27.3. Command Line Version

The Authentication Configuration Tool can also be run as a command line tool with no interface. The command line version can be used in a configuration script or a kickstart script. The authentication options are summarized in Table 27-1.

TipTip
 

These options can also be found in the authconfig man page or by typing authconfig --help at a shell prompt.

OptionDescription
--enableshadowEnable shadow passwords
--disableshadowDisable shadow passwords
--enablemd5Enable MD5 passwords
--disablemd5Disable MD5 passwords
--enablenisEnable NIS
--disablenisDisable NIS
--nisdomain=<domain>Specify NIS domain
--nisserver=<server>Specify NIS server
--enableldapEnable LDAP for user information
--disableldapDisable LDAP for user information
--enableldaptlsEnable use of TLS with LDAP
--disableldaptlsDisable use of TLS with LDAP
--enableldapauthEnable LDAP for authentication
--disableldapauthDisable LDAP for authentication
--ldapserver=<server>Specify LDAP server
--ldapbasedn=<dn>Specify LDAP base DN
--enablekrb5Enable Kerberos
--disablekrb5Disable Kerberos
--krb5kdc=<kdc>Specify Kerberos KDC
--krb5adminserver=<server>Specify Kerberos administration server
--krb5realm=<realm>Specify Kerberos realm
--enablekrb5kdcdnsEnable use of DNS to find Kerberos KDCs
--disablekrb5kdcdnsDisable use of DNS to find Kerberos KDCs
--enablekrb5realmdnsEnable use of DNS to find Kerberos realms
--disablekrb5realmdnsDisable use of DNS to find Kerberos realms
--enablesmbauthEnable SMB
--disablesmbauthDisable SMB
--smbworkgroup=<workgroup>Specify SMB workgroup
--smbservers=<server>Specify SMB servers
--enablewinbindEnable winbind for user information by default
--disablewinbindDisable winbind for user information by default
--enablewinbindauthEnable winbindauth for authentication by default
--disablewinbindauthDisable winbindauth for authentication by default
--smbsecurity=<user|server|domain|ads>Security mode to use for Samba and winbind
--smbrealm=<STRING>Default realm for Samba and winbind when security=ads
--smbidmapuid=<lowest-highest>UID range winbind assigns to domain or ADS users
--smbidmapgid=<lowest-highest>GID range winbind assigns to domain or ADS users
--winbindseparator=<\>Character used to separate the domain and user part of winbind usernames if winbindusedefaultdomain is not enabled
--winbindtemplatehomedir=</home/%D/%U>Directory that winbind users have as their home
--winbindtemplateprimarygroup=<nobody>Group that winbind users have as their primary group
--winbindtemplateshell=</bin/false>Shell that winbind users have as their default login shell
--enablewinbindusedefaultdomainConfigures winbind to assume that users with no domain in their usernames are domain users
--disablewinbindusedefaultdomainConfigures winbind to assume that users with no domain in their usernames are not domain users
--winbindjoin=<Administrator>Joins the winbind domain or ADS realm now as this administrator
--enablewinsEnable WINS for hostname resolution
--disablewinsDisable WINS for hostname resolution
--enablehesiodEnable Hesiod
--disablehesiodDisable Hesiod
--hesiodlhs=<lhs>Specify Hesiod LHS
--hesiodrhs=<rhs>Specify Hesiod RHS
--enablecacheEnable nscd
--disablecacheDisable nscd
--nostartDo not start or stop the portmap, ypbind, or nscd services even if they are configured
--kickstartDo not display the user interface
--probeProbe and display network defaults

Table 27-1. Command Line Options