29.4. Command Line Version
The Authentication Configuration Tool can also be run as a command line tool with no interface. The command line version can be used in a configuration script or a kickstart script. The authentication options are summarized in Table 29.1, “Command Line Options”.
Note
These options can also be found in the
authconfig
man page or by typing authconfig --help
at a shell prompt.
Option | Description |
---|---|
--enableshadow | Enable shadow passwords |
--disableshadow | Disable shadow passwords |
--enablemd5 | Enable MD5 passwords |
--disablemd5 | Disable MD5 passwords |
--enablenis | Enable NIS |
--disablenis | Disable NIS |
--nisdomain=<domain> | Specify NIS domain |
--nisserver=<server> | Specify NIS server |
--enableldap | Enable LDAP for user information |
--disableldap | Disable LDAP for user information |
--enableldaptls | Enable use of TLS with LDAP |
--disableldaptls | Disable use of TLS with LDAP |
--enableldapauth | Enable LDAP for authentication |
--disableldapauth | Disable LDAP for authentication |
--ldapserver=<server> | Specify LDAP server |
--ldapbasedn=<dn> | Specify LDAP base DN |
--enablekrb5 | Enable Kerberos |
--disablekrb5 | Disable Kerberos |
--krb5kdc=<kdc> | Specify Kerberos KDC |
--krb5adminserver=<server> | Specify Kerberos administration server |
--krb5realm=<realm> | Specify Kerberos realm |
--enablekrb5kdcdns | Enable use of DNS to find Kerberos KDCs |
--disablekrb5kdcdns | Disable use of DNS to find Kerberos KDCs |
--enablekrb5realmdns | Enable use of DNS to find Kerberos realms |
--disablekrb5realmdns | Disable use of DNS to find Kerberos realms |
--enablesmbauth | Enable SMB |
--disablesmbauth | Disable SMB |
--smbworkgroup=<workgroup> | Specify SMB workgroup |
--smbservers=<server> | Specify SMB servers |
--enablewinbind | Enable winbind for user information by default |
--disablewinbind | Disable winbind for user information by default |
--enablewinbindauth | Enable winbindauth for authentication by default |
--disablewinbindauth | Disable winbindauth for authentication by default |
--smbsecurity=<user|server|domain|ads> | Security mode to use for Samba and winbind |
--smbrealm=<STRING> | Default realm for Samba and winbind when security=ads |
--smbidmapuid=<lowest-highest> | UID range winbind assigns to domain or ADS users |
--smbidmapgid=<lowest-highest> | GID range winbind assigns to domain or ADS users |
--winbindseparator=<\> | Character used to separate the domain and user part of winbind usernames if winbindusedefaultdomain is not enabled |
--winbindtemplatehomedir=</home/%D/%U> | Directory that winbind users have as their home |
--winbindtemplateprimarygroup=<nobody> | Group that winbind users have as their primary group |
--winbindtemplateshell=</bin/false> | Shell that winbind users have as their default login shell |
--enablewinbindusedefaultdomain | Configures winbind to assume that users with no domain in their usernames are domain users |
--disablewinbindusedefaultdomain | Configures winbind to assume that users with no domain in their usernames are not domain users |
--winbindjoin=<Administrator> | Joins the winbind domain or ADS realm now as this administrator |
--enablewins | Enable WINS for hostname resolution |
--disablewins | Disable WINS for hostname resolution |
--enablehesiod | Enable Hesiod |
--disablehesiod | Disable Hesiod |
--hesiodlhs=<lhs> | Specify Hesiod LHS |
--hesiodrhs=<rhs> | Specify Hesiod RHS |
--enablecache | Enable nscd |
--disablecache | Disable nscd |
--nostart | Do not start or stop the portmap , ypbind , or nscd services even if they are configured |
--kickstart | Do not display the user interface |
--probe | Probe and display network defaults |