Chapter 2. Configuring System Authentication

download PDF
Authentication is the process in which a user is identified and verified to a system. It requires presenting some sort of identity and credentials, such as a user name and password. The system then compares the credentials against the configured authentication service. If the credentials match and the user account is active, then the user is authenticated.
Once a user is authenticated, the information is passed to the access control service to determine what the user is permitted to do. Those are the resources the user is authorized to access. Note that authentication and authorization are two separate processes.
The system must have a configured list of valid account databases for it to check for user authentication. The information to verify the user can be located on the local system or the local system can reference a user database on a remote system, such as LDAP or Kerberos. A local system can use a variety of different data stores for user information, including Lightweight Directory Access Protocol (LDAP), Network Information Service (NIS), and Winbind. Both LDAP and NIS data stores can use Kerberos to authenticate users.
For convenience and potentially part of single sign-on, Red Hat Enterprise Linux can use the System Security Services Daemon (SSSD) as a central daemon to authenticate the user to different identity back ends or even to ask for a ticket-granting ticket (TGT) for the user. SSSD can interact with LDAP, Kerberos, and external applications to verify user credentials.
This chapter explains what tools are available in Red Hat Enterprise Linux for configuring system authentication:

2.1. Identity Management Tools for System Authentication

You can use the ipa-client-install utility and the realmd system to automatically configure system authentication on Identity Management machines.
The ipa-client-install utility configures a system to join the Identity Management domain as a client machine. For more information about ipa-client-install, see the Installing a Client in the Linux Domain Identity, Authentication, and Policy Guide.
Note that for Identity Management systems, ipa-client-install is preferred over realmd.
The realmd system joins a machine to an identity domain, such as an Identity Management or Active Directory domain. For more information about realmd, see the Using realmd to Connect to an Active Directory Domain section in the Windows Integration Guide.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.