1.3. Available Services
All Red Hat Enterprise Linux systems have some services already available to configure authentication for local users on local systems. These include:
- Authentication Setup
- The Authentication Configuration tool (
authconfig) sets up different identity back ends and means of authentication (such as passwords, fingerprints, or smart cards) for the system.
- Identity Back End Setup
- The Security System Services Daemon (SSSD) sets up multiple identity providers (primarily LDAP-based directories such as Microsoft Active Directory or Red Hat Enterprise Linux IdM) which can then be used by both the local system and applications for users. Passwords and tickets are cached, allowing both offline authentication and single sign-on by reusing credentials.
realmdservice is a command-line utility that allows you to configure an authentication back end, which is SSSD for IdM. The
realmdservice detects available IdM domains based on the DNS records, configures SSSD, and then joins the system as an account to a domain.
- Name Service Switch (NSS) is a mechanism for low-level system calls that return information about users, groups, or hosts. NSS determines what source, that is, which modules, should be used to obtain the required information. For example, user information can be located in traditional UNIX files, such as the
/etc/passwdfile, or in LDAP-based directories, while host addresses can be read from files, such as the
/etc/hostsfile, or the DNS records; NSS locates where the information is stored.
- Authentication Mechanisms
- Pluggable Authentication Modules (PAM) provide a system to set up authentication policies. An application using PAM for authentication loads different modules that control different aspects of authentication; which PAM module an application uses is based on how the application is configured. The available PAM modules include Kerberos, Winbind, or local UNIX file-based authentication.
Other services and applications are also available, but these are common ones.