27.3. Command Line Version
The Authentication Configuration Tool can also be run as a command line tool with no interface. The command line version can be used in a configuration script or a kickstart script. The authentication options are summarized in Table 27-1.
 | Tip |
|---|---|
These options can also be found in the authconfig man page or by typing authconfig --help at a shell prompt. |
| Option | Description |
|---|---|
| --enableshadow | Enable shadow passwords |
| --disableshadow | Disable shadow passwords |
| --enablemd5 | Enable MD5 passwords |
| --disablemd5 | Disable MD5 passwords |
| --enablenis | Enable NIS |
| --disablenis | Disable NIS |
| --nisdomain=<domain> | Specify NIS domain |
| --nisserver=<server> | Specify NIS server |
| --enableldap | Enable LDAP for user information |
| --disableldap | Disable LDAP for user information |
| --enableldaptls | Enable use of TLS with LDAP |
| --disableldaptls | Disable use of TLS with LDAP |
| --enableldapauth | Enable LDAP for authentication |
| --disableldapauth | Disable LDAP for authentication |
| --ldapserver=<server> | Specify LDAP server |
| --ldapbasedn=<dn> | Specify LDAP base DN |
| --enablekrb5 | Enable Kerberos |
| --disablekrb5 | Disable Kerberos |
| --krb5kdc=<kdc> | Specify Kerberos KDC |
| --krb5adminserver=<server> | Specify Kerberos administration server |
| --krb5realm=<realm> | Specify Kerberos realm |
| --enablekrb5kdcdns | Enable use of DNS to find Kerberos KDCs |
| --disablekrb5kdcdns | Disable use of DNS to find Kerberos KDCs |
| --enablekrb5realmdns | Enable use of DNS to find Kerberos realms |
| --disablekrb5realmdns | Disable use of DNS to find Kerberos realms |
| --enablesmbauth | Enable SMB |
| --disablesmbauth | Disable SMB |
| --smbworkgroup=<workgroup> | Specify SMB workgroup |
| --smbservers=<server> | Specify SMB servers |
| --enablewinbind | Enable winbind for user information by default |
| --disablewinbind | Disable winbind for user information by default |
| --enablewinbindauth | Enable winbindauth for authentication by default |
| --disablewinbindauth | Disable winbindauth for authentication by default |
| --smbsecurity=<user|server|domain|ads> | Security mode to use for Samba and winbind |
| --smbrealm=<STRING> | Default realm for Samba and winbind when security=ads |
| --smbidmapuid=<lowest-highest> | UID range winbind assigns to domain or ADS users |
| --smbidmapgid=<lowest-highest> | GID range winbind assigns to domain or ADS users |
| --winbindseparator=<\> | Character used to separate the domain and user part of winbind usernames if winbindusedefaultdomain is not enabled |
| --winbindtemplatehomedir=</home/%D/%U> | Directory that winbind users have as their home |
| --winbindtemplateprimarygroup=<nobody> | Group that winbind users have as their primary group |
| --winbindtemplateshell=</bin/false> | Shell that winbind users have as their default login shell |
| --enablewinbindusedefaultdomain | Configures winbind to assume that users with no domain in their usernames are domain users |
| --disablewinbindusedefaultdomain | Configures winbind to assume that users with no domain in their usernames are not domain users |
| --winbindjoin=<Administrator> | Joins the winbind domain or ADS realm now as this administrator |
| --enablewins | Enable WINS for hostname resolution |
| --disablewins | Disable WINS for hostname resolution |
| --enablehesiod | Enable Hesiod |
| --disablehesiod | Disable Hesiod |
| --hesiodlhs=<lhs> | Specify Hesiod LHS |
| --hesiodrhs=<rhs> | Specify Hesiod RHS |
| --enablecache | Enable nscd |
| --disablecache | Disable nscd |
| --nostart | Do not start or stop the portmap, ypbind, or nscd services even if they are configured |
| --kickstart | Do not display the user interface |
| --probe | Probe and display network defaults |
Table 27-1. Command Line Options