Overview
For authentication configuration, the authconfig-tui command (tui stands for Text User Interface) is deprecated, so the only remaining options are the system-config-authentication and authconfig commands. The first is a graphical command, the other a text one.
As you can’t always get a graphical interface, it’s critical to master the command line interface.
In fact, the authconfig command is a Python script and currently shares the same code as the authconfig-tui command.
Current authentication status
The current authentication status of a server is stored as shell variables in the /etc/sysconfig/authconfig file.
At any time, you can get the current authentication configuration by typing either:
# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldap://server1.example.com/"
LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
NIS server = ""
NIS domain = ""
...
or
# cat /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=no
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
PASSWDALGORITHM=md5
FORCELEGACY=no
...
Alternatively, to list only the settings that are not set to "no", type:
# grep -v "=no" /etc/sysconfig/authconfig
CACHECREDENTIALS=yes
USESHADOW=yes
PASSWDALGORITHM=md5
USELDAPAUTH=yes
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USELDAP=yes
authconfig-tui/authconfig comparison
It can be useful to compare the authconfig-tui and authconfig commands to understand how to replace one with the other.
When running the authconfig-tui command, the screen appears like this:
Authentication Configuration

User Information         Authentication
[1] Cache Information    [6] Use MD5 Passwords
[2] Use LDAP             [7] Use Shadow Passwords
[3] Use NIS              [8] Use LDAP Authentication
[4] Use IPAv2            [9] Use Kerberos
[5] Use Winbind          [A] Use Fingerprint reader
                         [B] Use Winbind Authentication
                         [C] Local authorization is sufficient

Cancel                   Next

Each numbered choice corresponds to the following commands:
1) service nscd start/stop (requires nscd); chkconfig nscd on/off
2) authconfig --enableldap (requires nss-pam-ldapd) / --disableldap
3) authconfig --enablenis / --disablenis
4) authconfig --enableipav2 (requires pam_sss.so) / --disableipav2
5) authconfig --enablewinbind / --disablewinbind
6) authconfig --enablemd5 / --disablemd5
7) authconfig --enableshadow / --disableshadow
8) authconfig --enableldapauth (requires pam_ldap.so; service nslcd start; chkconfig nslcd on) / --disableldapauth
9) authconfig --enablekrb5 (requires pam_krb5.so) / --disablekrb5
A) authconfig --enablefingerprint / --disablefingerprint
B) authconfig --enablewinbindauth (requires pam_winbind.so+samba-client) / --disablewinbindauth
C) authconfig --enablelocauthorize / --disablelocauthorize
Every time the authconfig command is run, the --update argument needs to be added, otherwise nothing happens.
Depending on the selected choice, additional options may be needed.
In the case of LDAP authentication, here are some of the options:
- Use of nslcd (vs sssd): --enableforcelegacy
- LDAP server: --ldapserver="instructor.example.com"
- LDAP base dn: --ldapbasedn="dc=example,dc=com"
- Use of TLS: --enableldaptls
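To tie the two sections together, the following added example (not part of the original article) reads the variables of an /etc/sysconfig/authconfig-style file and prints the authconfig command that would set the same choices. The function names, the variable-to-option pairing and the sample input are assumptions of this example; --passalgo is a real authconfig option that the article does not list, and the LDAP server, base DN and TLS options are not covered.

```shell
#!/bin/sh
# Added example (not from the original article): turn the shell variables
# of an /etc/sysconfig/authconfig-style file into an authconfig command.

# Variable-to-option pairing assumed by this example.
flag_for() {
    case "$1" in
        USELDAP)         echo ldap ;;
        USELDAPAUTH)     echo ldapauth ;;
        USESHADOW)       echo shadow ;;
        USEWINBIND)      echo winbind ;;
        USELOCAUTHORIZE) echo locauthorize ;;
        FORCELEGACY)     echo forcelegacy ;;
        *)               return 1 ;;
    esac
}

# authconfig_cmdline FILE: print the equivalent command on one line.
# The ( ) body runs in a subshell, so its variables stay local.
authconfig_cmdline() (
    cmd="authconfig"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac    # blanks and comments
        key=${line%%=*}
        value=${line#*=}
        value=${value#\"}; value=${value%\"}          # tolerate quoted values
        if [ "$key" = PASSWDALGORITHM ]; then
            case "$value" in
                md5) cmd="$cmd --enablemd5" ;;        # the article's option
                ?*)  cmd="$cmd --passalgo=$value" ;;  # not listed in the article
            esac
            continue
        fi
        name=$(flag_for "$key") || continue          # variable not covered here
        case "$value" in
            yes) cmd="$cmd --enable$name" ;;
            no)  cmd="$cmd --disable$name" ;;
        esac
    done < "$1"
    echo "$cmd --update"
)

# Constructed sample input, modelled on the listing in the article.
sample_authconfig() {
    printf '%s\n' USESHADOW=yes USEWINBIND=no PASSWDALGORITHM=md5 \
        FORCELEGACY=no USELDAPAUTH=yes USELOCAUTHORIZE=yes USELDAP=yes
}

tmp=$(mktemp) && sample_authconfig > "$tmp"
authconfig_cmdline "$tmp"
rm -f "$tmp"
```

The script only prints the command; compare it with the output of authconfig --test before running anything with --update.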
Excellent. I have been looking for this information for quite a while on various Google searches. I’m being fussy as the only reason I didn’t give 5 (on reflection I should have) was that it didn’t describe the equivalent commands for the remaining authconfig-tui windows after one selected “Next” or F12.
I would appreciate it if somebody could provide details of where I could find the information on the equivalent commands for the remaining authconfig-tui windows.