SYS: Understand the authconfig command.

Overview

For authentication configuration, the authconfig-tui command (tui stands for Text User Interface) is deprecated, so the only remaining options are the system-config-authentication and authconfig commands. One is a graphical command, the other a text one.
As you can’t always get a graphical interface, it’s critical to master the command line interface.
In fact, the authconfig command is a Python script and currently shares the same code as the authconfig-tui command.

Current authentication status

The current authentication status of a server is stored as shell variables in the /etc/sysconfig/authconfig file.
At any time, you can get the current authentication configuration by typing either:

# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://server1.example.com/"
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
...

or

# cat /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=no
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
PASSWDALGORITHM=md5
FORCELEGACY=no
...

Alternatively, to hide the settings that are disabled, type:

# grep -v "=no" /etc/sysconfig/authconfig
CACHECREDENTIALS=yes
USESHADOW=yes
PASSWDALGORITHM=md5
USELDAPAUTH=yes
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USELDAP=yes
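
As an added example (not part of the original article), the script below audits a copy of /etc/sysconfig/authconfig and saved `authconfig --test` output for password hashing other than sha256/sha512, disabled shadow passwords, and LDAP lookups without TLS. The function names, finding labels and sample files are constructed for illustration, and the "LDAP+TLS is disabled" line is an assumed counterpart of the "enabled" line shown above.

```shell
#!/bin/sh
# Added example: audit authconfig state for weak settings.

# Print the value of KEY ($2) from a KEY=value file ($1); last assignment wins.
get_setting() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Audit a copy of /etc/sysconfig/authconfig; prints one finding per line.
audit_sysconfig() {
    algo=$(get_setting "$1" PASSWDALGORITHM)
    case "$algo" in
        sha256|sha512) ;;   # SHA-2 based crypt schemes: no finding
        *) echo "WEAK_HASH PASSWDALGORITHM=${algo:-unset}" ;;
    esac
    [ "$(get_setting "$1" USESHADOW)" = "yes" ] || echo "NO_SHADOW USESHADOW is not yes"
    return 0
}

# Audit saved `authconfig --test` output: LDAP name lookups without TLS.
audit_test_output() {
    grep -q '^nss_ldap is enabled' "$1" || return 0           # LDAP not in use
    grep -q '^ *LDAP server = "ldaps://' "$1" && return 0     # TLS via ldaps://
    grep -q '^ *LDAP+TLS is enabled' "$1" || echo "LDAP_CLEARTEXT nss_ldap enabled without TLS"
    return 0
}

# Constructed sample inputs, modelled on the listings in the article.
sample_dir=$(mktemp -d)
cat > "$sample_dir/authconfig" <<'EOF'
CACHECREDENTIALS=yes
USESHADOW=yes
PASSWDALGORITHM=md5
USELDAPAUTH=yes
USELDAP=yes
EOF
cat > "$sample_dir/test-tls.txt" <<'EOF'
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://server1.example.com/"
EOF
# Constructed variant with TLS switched off (assumed wording of the line).
sed 's/LDAP+TLS is enabled/LDAP+TLS is disabled/' \
    "$sample_dir/test-tls.txt" > "$sample_dir/test-notls.txt"

audit_sysconfig "$sample_dir/authconfig"
audit_test_output "$sample_dir/test-tls.txt"
audit_test_output "$sample_dir/test-notls.txt"
```

On a real host, point audit_sysconfig at /etc/sysconfig/authconfig and feed audit_test_output a file created with `authconfig --test > file`.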

authconfig-tui/authconfig comparison

It can be useful to compare the authconfig-tui and authconfig commands to understand how to replace one with the other.
When running the authconfig-tui command, the screen appears like this:

                Authentication Configuration
User Information                        Authentication
[1] Cache Information         [6] Use MD5 Passwords
[2] Use LDAP                  [7] Use Shadow Passwords
[3] Use NIS                   [8] Use LDAP Authentication
[4] Use IPAv2                 [9] Use Kerberos
[5] Use Winbind               [A] Use Fingerprint reader
                              [B] Use Winbind Authentication
                              [C] Local authorization is sufficient
           Cancel                            Next

1) service nscd start/stop (requires nscd); chkconfig nscd on/off
2) authconfig --enableldap (requires nss-pam-ldapd) / --disableldap
3) authconfig --enablenis / --disablenis
4) authconfig --enableipav2 (requires pam_sss.so) / --disableipav2
5) authconfig --enablewinbind / --disablewinbind
6) authconfig --enablemd5 / --disablemd5
7) authconfig --enableshadow / --disableshadow
8) authconfig --enableldapauth (requires pam_ldap.so; service nslcd start; chkconfig nslcd on) / --disableldapauth
9) authconfig --enablekrb5 (requires pam_krb5.so) / --disablekrb5
A) authconfig --enablefingerprint / --disablefingerprint
B) authconfig --enablewinbindauth (requires pam_winbind.so+samba-client) / --disablewinbindauth
C) authconfig --enablelocauthorize / --disablelocauthorize

Every time the authconfig command is run, the --update argument needs to be added, otherwise nothing happens.
Depending on the selected choice, additional options may be needed.
In the case of LDAP authentication, here are some of the options:

  • Use of nslcd (vs sssd): --enableforcelegacy
  • LDAP server: --ldapserver="instructor.example.com"
  • LDAP base dn: --ldapbasedn="dc=example,dc=com"
  • Use of TLS: --enableldaptls

1 Comment on "SYS: Understand the authconfig command."

thaebich

Excellent. I have been looking for this information for quite a while on various Google searches. I’m being fussy as the only reason I didn’t give 5 (on reflection I should have) was that it didn’t describe the equivalent commands for the remaining authconfig-tui windows after one selected “Next” or F12.

I would appreciate it if somebody could provide details of where I could find the information on the equivalent commands for the remaining authconfig-tui windows.
