SYS: Understand the authconfig command.

Last updated on (41,872 views) - CertDepot 1 Comment ↓
Share this link
Google+0
LinkedIn0

Overview

When dealing with authentication topics, the authconfig-tui command being deprecated (tui stands for Text User Interface), the only remaining options are the system-config-authentication and authconfig commands. One is a graphical command, this other a text one.
As you can’t always get a graphical interface, it’s critical to master the command line interface.
In fact, the authconfig command is a python script and currently shares the same code as the authconfig-tui command.

Current authentication status

The current authentication status of a server is stored in the /etc/sysconfig/authconfig file thanks to shell variables.
At any time, you can get the current authentication configuration by typing either:

# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://server1.example.com/"
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
...

or

# cat /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=no
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
PASSWDALGORITHM=md5
FORCELEGACY=no
...

Alternatively, an option is to type:

# grep -v "=no" /etc/sysconfig/authconfig
CACHECREDENTIALS=yes
USESHADOW=yes
PASSWDALGORITHM=md5
USELDAPAUTH=yes
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USELDAP=yes

authconfig-tui/authconfig comparison

It can be useful to compare the authconfig-tui and authconfig commands to understand how to replace one by the other.
When running the authconfig-tui command, the screen appears like this:

                Authentication Configuration
User Information                        Authentication
[1] Cache Information         [6] Use MD5 Passwords
[2] Use LDAP                  [7] Use Shadow Passwords
[3] Use NIS                   [8] Use LDAP Authentication
[4] Use IPAv2                 [9] Use Kerberos
[5] Use Winbind               [A] Use Fingerprint reader
                              [B] Use Winbind Authentication
                              [C] Local authorization is sufficient
           Cancel                            Next

1) service start/stop nscd (requires nscd); chkconfig nscd on/off
2) authconfig –enableldap (requires nss-pam-ldapd) / –disableldap
3) authconfig –enablenis / –disablenis
4) authconfig –enableipav2 (requires pam_sss.so) / –disableipav2
5) authconfig –enablewinbind / –disablewinbind
6) authconfig –enablemd5 / –disablemd5
7) authconfig –enableshadow / –disableshadow
8) authconfig –enableldapauth (requires pam_ldap.so); service start nslcd; chkconfig nslcd on) / –disableldapauth
9) authconfig –enablekrb5 (requires pam_krb5.so) / –disablekrb5
A) authconfig –enablefingerprint / –disablefingerprint
B) authconfig –enablewinbindauth (requires pam_winbind.so+samba-client) / –disablewinbindauth
C) authconfig –enablelocauthorize / –disablelocauthorize

Every time the authconfig command is run, the –update argument needs to be added, otherwise nothing happens.
According to the selected choice, additional commands can be needed.
In the case of LDAP authentication, here are some of the options:

  • Use of nslcd (vs sssd): –enableforcelegacy
  • LDAP server: –ldapserver=”instructor.example.com”
  • LDAP base dn: –ldapbasedn=”dc=example,dc=com”
  • Use of TLS: –enableldaptls
(4 votes, average: 4.25 out of 5)
Loading...
One comment on “SYS: Understand the authconfig command.
  1. thaebich says:
    October 20, 2016 at 4:40 am

    Excellent. I have been looking for this information for quite a while on various Goggle searches. I’m being fussy as the only reason I didn’t give 5 (on reflection I should have) was that it didn’t describe the equivalent commands for the remaining authconfig-tui windows after one selected “Next” or F12..

    I would appreciated if somebody could provide details of where I could find the information on the equivalent commands for the remaining authconfig-tui windows.

Leave a Reply

Upcoming Events (Local Time)

There are no events.

Follow me on Twitter

Archives

xhampster
vceplus-200-125    | boson-200-125    | training-cissp    | actualtests-cissp    | techexams-cissp    | gratisexams-300-075    | pearsonitcertification-210-260    | examsboost-210-260    | examsforall-210-260    | dumps4free-210-260    | reddit-210-260    | cisexams-352-001    | itexamfox-352-001    | passguaranteed-352-001    | passeasily-352-001    | freeccnastudyguide-200-120    | gocertify-200-120    | passcerty-200-120    | certifyguide-70-980    | dumpscollection-70-980    | examcollection-70-534    | cbtnuggets-210-065    | examfiles-400-051    | passitdump-400-051    | pearsonitcertification-70-462    | anderseide-70-347    | thomas-70-533    | research-1V0-605    | topix-102-400    | certdepot-EX200    | pearsonit-640-916    | itproguru-70-533    | reddit-100-105    | channel9-70-346    | anderseide-70-346    | theiia-IIA-CIA-PART3    | certificationHP-hp0-s41    | pearsonitcertification-640-916    | anderMicrosoft-70-534    | cathMicrosoft-70-462    | examcollection-cca-500    | techexams-gcih    | mslearn-70-346    | measureup-70-486    | pass4sure-hp0-s41    | iiba-640-916    | itsecurity-sscp    | cbtnuggets-300-320    | blogged-70-486    | pass4sure-IIA-CIA-PART1    | cbtnuggets-100-101    | developerhandbook-70-486    | lpicisco-101    | mylearn-1V0-605    | tomsitpro-cism    | gnosis-101    | channel9Mic-70-534    | ipass-IIA-CIA-PART1    | forcerts-70-417    | tests-sy0-401    | ipasstheciaexam-IIA-CIA-PART3    | mostcisco-300-135    | buildazure-70-533    | cloudera-cca-500    | pdf4cert-2v0-621    | f5cisco-101    | gocertify-1z0-062    | quora-640-916    | micrcosoft-70-480    | brain2pass-70-417    | examcompass-sy0-401    | global-EX200    | iassc-ICGB    | vceplus-300-115    | quizlet-810-403    | cbtnuggets-70-697    | educationOracle-1Z0-434    | channel9-70-534    | officialcerts-400-051    | examsboost-IIA-CIA-PART1    | networktut-300-135    | teststarter-300-206    | pluralsight-70-486    | coding-70-486    | freeccna-100-101    | digitaltut-300-101    | iiba-CBAP    | virtuallymikebrown-640-916    | isaca-cism    | whizlabs-pmp    | techexams-70-980    | ciscopress-300-115    | techtarget-cism    | pearsonitcertification-300-070    | testking-2v0-621    | isacaNew-cism    | simplilearn-pmi-rmp    | simplilearn-pmp    | educationOracle-1z0-809    | education-1z0-809    | teachertube-1Z0-434    | villanovau-CBAP    | quora-300-206    | certifyguide-300-208    | cbtnuggets-100-105    | flydumps-70-417    | gratisexams-1V0-605    | ituonline-1z0-062    | techexams-cas-002    | simplilearn-70-534    | pluralsight-70-697    | theiia-IIA-CIA-PART1    | itexamtips-400-051    | pearsonitcertification-EX200    | pluralsight-70-480    | learn-hp0-s42    | giac-gpen    | mindhub-102-400    | coursesmsu-CBAP    | examsforall-2v0-621    | developerhandbook-70-487    | root-EX200    | coderanch-1z0-809    | getfreedumps-1z0-062    | comptia-cas-002    | quora-1z0-809    | boson-300-135    | killtest-2v0-621    | learncia-IIA-CIA-PART3    | computer-gcih    | universitycloudera-cca-500    | itexamrun-70-410    | certificationHPv2-hp0-s41    | certskills-100-105    | skipitnow-70-417    | gocertify-sy0-401    | prep4sure-70-417    | simplilearn-cisa    |
http://www.pmsas.pr.gov.br/wp-content/    | http://www.pmsas.pr.gov.br/wp-content/    |