SYS: Understand the authconfig command.

Share this link


When dealing with authentication topics, the authconfig-tui command being deprecated (tui stands for Text User Interface), the only remaining options are the system-config-authentication and authconfig commands. One is a graphical command, this other a text one.
As you can’t always get a graphical interface, it’s critical to master the command line interface.
In fact, the authconfig command is a python script and currently shares the same code as the authconfig-tui command.

Current authentication status

The current authentication status of a server is stored in the /etc/sysconfig/authconfig file thanks to shell variables.
At any time, you can get the current authentication configuration by typing either:

# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://"
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""


# cat /etc/sysconfig/authconfig

Alternatively, an option is to type:

# grep -v "=no" /etc/sysconfig/authconfig

authconfig-tui/authconfig comparison

It can be useful to compare the authconfig-tui and authconfig commands to understand how to replace one by the other.
When running the authconfig-tui command, the screen appears like this:

                Authentication Configuration
User Information                        Authentication
[1] Cache Information         [6] Use MD5 Passwords
[2] Use LDAP                  [7] Use Shadow Passwords
[3] Use NIS                   [8] Use LDAP Authentication
[4] Use IPAv2                 [9] Use Kerberos
[5] Use Winbind               [A] Use Fingerprint reader
                              [B] Use Winbind Authentication
                              [C] Local authorization is sufficient
           Cancel                            Next

1) service start/stop nscd (requires nscd); chkconfig nscd on/off
2) authconfig –enableldap (requires nss-pam-ldapd) / –disableldap
3) authconfig –enablenis / –disablenis
4) authconfig –enableipav2 (requires / –disableipav2
5) authconfig –enablewinbind / –disablewinbind
6) authconfig –enablemd5 / –disablemd5
7) authconfig –enableshadow / –disableshadow
8) authconfig –enableldapauth (requires; service start nslcd; chkconfig nslcd on) / –disableldapauth
9) authconfig –enablekrb5 (requires / –disablekrb5
A) authconfig –enablefingerprint / –disablefingerprint
B) authconfig –enablewinbindauth (requires / –disablewinbindauth
C) authconfig –enablelocauthorize / –disablelocauthorize

Every time the authconfig command is run, the –update argument needs to be added, otherwise nothing happens.
According to the selected choice, additional commands can be needed.
In the case of LDAP authentication, here are some of the options:

  • Use of nslcd (vs sssd): –enableforcelegacy
  • LDAP server: –ldapserver=””
  • LDAP base dn: –ldapbasedn=”dc=example,dc=com”
  • Use of TLS: –enableldaptls
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4.00 out of 5)

Leave a Reply

1 Comment on "SYS: Understand the authconfig command."

Notify of

Sort by:   newest | oldest
4 days 15 hours ago

Excellent. I have been looking for this information for quite a while on various Goggle searches. I’m being fussy as the only reason I didn’t give 5 (on reflection I should have) was that it didn’t describe the equivalent commands for the remaining authconfig-tui windows after one selected “Next” or F12..

I would appreciated if somebody could provide details of where I could find the information on the equivalent commands for the remaining authconfig-tui windows.


RHCSA7: Task of the day

Allowed time: 5 minutes.
Create two users "tom" and "engine". "tom" has the UID/GID 3000 and "engine" the UID/GID 4000. "engine" doesn't have an interactive shell.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a default secure MariaDB database called maria and create a table named people with two columns respectively name varchar(20) and age int(10) unsigned.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...