Product SiteDocumentation Site

Chapter 26. Authentication Configuration

26.1. User Information
26.2. Authentication
26.3. Options
26.4. Command Line Version
When a user logs in to a Red Hat Enterprise Linux system, the username and password combination must be verified, or authenticated, as a valid and active user. Sometimes the information to verify the user is located on the local system, and other times the system defers the authentication to a user database on a remote system.
The Authentication Configuration Tool provides a graphical interface for configuring user information retrieval from NIS, LDAP, and Hesiod servers. This tool also allows you to configure LDAP, Kerberos, and SMB as authentication protocols.

Note

If you configured a medium or high security level during installation (or with the Security Level Configuration Tool), then the firewall will prevent NIS (Network Information Service) authentication.
This chapter does not explain each of the different authentication types in detail. Instead, it explains how to use the Authentication Configuration Tool to configure them.
To start the graphical version of the Authentication Configuration Tool from the desktop, select the System (on the panel) > Administration > Authentication or type the command system-config-authentication at a shell prompt (for example, in an XTerm or a GNOME terminal).

Important

After exiting the authentication program, the changes made take effect immediately.

26.1. User Information

The User Information tab allows you to configure how users should be authenticated, and has several options. To enable an option, click the empty checkbox beside it. To disable an option, click the checkbox beside it to clear the checkbox. Click OK to exit the program and apply the changes.
User Information
User Information
Figure 26.1. User Information

The following list explains what each option configures:
NIS
 The Enable NIS Support option configures the system to connect to an NIS server (as an NIS client) for user and password authentication. Click the Configure NIS... button to specify the NIS domain and NIS server. If the NIS server is not specified, the daemon attempts to find it via broadcast.
The ypbind package must be installed for this option to work. If NIS support is enabled, the portmap and ypbind services are started and are also enabled to start at boot time.
For more information about NIS, refer to Section 43.2.3, “Securing NIS”.
LDAP
The Enable LDAP Support option instructs the system to retrieve user information via LDAP. Click the Configure LDAP... button to specify the following:
The openldap-clients package must be installed for this option to work.
For more information about LDAP, refer to Chapter 25, Lightweight Directory Access Protocol (LDAP).
Hesiod
The Enable Hesiod Support option configures the system to retrieve information (including user information) from a remote Hesiod database. Click the Configure Hesiod... button to specify the following:
  • Hesiod LHS — Specifies the domain prefix used for Hesiod queries.
  • Hesiod RHS — Specifies the default Hesiod domain.
The hesiod package must be installed for this option to work.
For more information about Hesiod, refer to its man page using the command man hesiod. You can also refer to the hesiod.conf man page (man hesiod.conf) for more information on LHS and RHS.
Winbind
The Enable Winbind Support option configures the system to connect to a Windows Active Directory or a Windows domain controller. User information from the specified directory or domain controller can then be accessed, and server authentication options can be configured. Click the Configure Winbind... button to specify the following:
For more information about the winbind service, refer to winbindd under Section 20.2, “Samba Daemons and Related Services”.