Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Configuring System Authentication
		Authentication is the process in which a user is identified and verified to a system. It requires presenting some sort of identity and credentials, such as a user name and password. The system then compares the credentials against the configured authentication service. If the credentials match and the user account is active, then the user is authenticated.
	
		Once a user is authenticated, the information is passed to the access control service to determine what the user is permitted to do. Those are the resources the user is authorized to access. Note that authentication and authorization are two separate processes.
	
		The system must have a configured list of valid account databases for it to check for user authentication. The information to verify the user can be located on the local system or the local system can reference a user database on a remote system, such as LDAP or Kerberos. A local system can use a variety of different data stores for user information, including Lightweight Directory Access Protocol (LDAP), Network Information Service (NIS), and Winbind. Both LDAP and NIS data stores can use Kerberos to authenticate users.
	
		For convenience and potentially part of single sign-on, Red Hat Enterprise Linux can use the System Security Services Daemon (SSSD) as a central daemon to authenticate the user to different identity back ends or even to ask for a ticket-granting ticket (TGT) for the user. SSSD can interact with LDAP, Kerberos, and external applications to verify user credentials.
	
		This chapter explains what tools are available in Red Hat Enterprise Linux for configuring system authentication:
	
- theipa-client-installutility and therealmdsystem for Identity Management systems; see Section 2.1, “Identity Management Tools for System Authentication” for more information
- theauthconfigutility and the authconfig UI for other systems; see Section 2.2, “Usingauthconfig” for more information
2.1. Identity Management Tools for System Authentication
Link kopierenLink in die Zwischenablage kopiert!
			You can use the 
ipa-client-install utility and the realmd system to automatically configure system authentication on Identity Management machines.
		- ipa-client-install
- Theipa-client-installutility configures a system to join the Identity Management domain as a client machine. For more information aboutipa-client-install, see the Installing a Client in the Linux Domain Identity, Authentication, and Policy Guide.Note that for Identity Management systems,ipa-client-installis preferred overrealmd.
- realmd
- Therealmdsystem joins a machine to an identity domain, such as an Identity Management or Active Directory domain. For more information aboutrealmd, see the Using realmd to Connect to an Active Directory Domain section in the Windows Integration Guide.