26.3. Command Line Version

The Authentication Configuration Tool can also be run as a command line tool with no interface. The command line version can be used in a configuration script or a kickstart script. The authentication options are summarized in Table 26.1, “Command Line Options”.

Note

These options can also be found in the authconfig man page or by typing authconfig --help at a shell prompt.

Table 26.1. Command Line Options

Option Description
--enableshadow Enable shadow passwords
--disableshadow Disable shadow passwords
--enablemd5 Enable MD5 passwords
--disablemd5 Disable MD5 passwords
--enablenis Enable NIS
--disablenis Disable NIS
--nisdomain=<domain> Specify NIS domain
--nisserver=<server> Specify NIS server
--enableldap Enable LDAP for user information
--disableldap Disable LDAP for user information
--enableldaptls Enable use of TLS with LDAP
--disableldaptls Disable use of TLS with LDAP
--enableldapauth Enable LDAP for authentication
--disableldapauth Disable LDAP for authentication
--ldapserver=<server> Specify LDAP server
--ldapbasedn=<dn> Specify LDAP base DN
--enablekrb5 Enable Kerberos
--disablekrb5 Disable Kerberos
--krb5kdc=<kdc> Specify Kerberos KDC
--krb5adminserver=<server> Specify Kerberos administration server
--krb5realm=<realm> Specify Kerberos realm
--enablekrb5kdcdns Enable use of DNS to find Kerberos KDCs
--disablekrb5kdcdns Disable use of DNS to find Kerberos KDCs
--enablekrb5realmdns Enable use of DNS to find Kerberos realms
--disablekrb5realmdns Disable use of DNS to find Kerberos realms
--enablesmbauth Enable SMB
--disablesmbauth Disable SMB
--smbworkgroup=<workgroup> Specify SMB workgroup
--smbservers=<server> Specify SMB servers
--enablewinbind Enable winbind for user information by default
--disablewinbind Disable winbind for user information by default
--enablewinbindauth Enable winbindauth for authentication by default
--disablewinbindauth Disable winbindauth for authentication by default
--smbsecurity=<user|server|domain|ads> Security mode to use for Samba and winbind
--smbrealm=<STRING> Default realm for Samba and winbind when security=ads
--smbidmapuid=<lowest-highest> UID range winbind assigns to domain or ADS users
--smbidmapgid=<lowest-highest> GID range winbind assigns to domain or ADS users
--winbindseparator=<\> Character used to separate the domain and user part of winbind usernames if winbindusedefaultdomain is not enabled
--winbindtemplatehomedir=</home/%D/%U> Directory that winbind users have as their home
--winbindtemplateprimarygroup=<nobody> Group that winbind users have as their primary group
--winbindtemplateshell=</bin/false> Shell that winbind users have as their default login shell
--enablewinbindusedefaultdomain Configures winbind to assume that users with no domain in their usernames are domain users
--disablewinbindusedefaultdomain Configures winbind to assume that users with no domain in their usernames are not domain users
--winbindjoin=<Administrator> Joins the winbind domain or ADS realm now as this administrator
--enablewins Enable WINS for hostname resolution
--disablewins Disable WINS for hostname resolution
--enablehesiod Enable Hesiod
--disablehesiod Disable Hesiod
--hesiodlhs=<lhs> Specify Hesiod LHS
--hesiodrhs=<rhs> Specify Hesiod RHS
--enablecache Enable nscd
--disablecache Disable nscd
--nostart Do not start or stop the portmap, ypbind, or nscd services even if they are configured
--kickstart Do not display the user interface
--probe Probe and display network defaults