By default, --enablenis uses whatever domain it finds on the network. A domain should almost always be set by hand with the --nisdomain= option.

--nisdomain= - NIS domain name to use for NIS services.

--nisserver= - Server to use for NIS services (broadcasts by default).

--useshadow or --enableshadow - Use shadow passwords.

--enableldap - Turns on LDAP support in /etc/nf, allowing your system to retrieve information about users (for example, their UIDs, home directories, and shells) from an LDAP directory. To use this option, you must install the nss-pam-ldapd package. You must also specify a server and a base DN (distinguished name) with --ldapserver= and --ldapbasedn=.

--enableldapauth - Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss-pam-ldapd package installed. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=. If your environment does not use TLS (Transport Layer Security), use the --disableldaptls switch to ensure that the resulting configuration file works.

--ldapserver= - If you specified either --enableldap or --enableldapauth, use this option to specify the name of the LDAP server to use.

--ldapbasedn= - If you specified either --enableldap or --enableldapauth, use this option to specify the DN in your LDAP directory tree under which user information is stored.

--enableldaptls - Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted user names and passwords to an LDAP server before authentication.

--disableldaptls - Do not use TLS (Transport Layer Security) lookups in an environment that uses LDAP for authentication.

--enablekrb5 - Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. If you enable Kerberos, you must make users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using the useradd command. If you use this option, you must have the pam_krb5 package installed.

--krb5realm= - The Kerberos 5 realm to which your workstation belongs.

--krb5kdc= - The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, use a comma-separated list without spaces.

--krb5adminserver= - The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC.

--enablehesiod - Enables Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.

--hesiodlhs and --hesiodrhs - The Hesiod LHS (left-hand side) and RHS (right-hand side) values, set in /etc/nf. The Hesiod library uses these values to search DNS for a name, similar to the way that LDAP uses a base DN. To look up users and groups by number, make 1001.uid a CNAME for jim.passwd, and 1001.gid a CNAME for jim.group. Note that the library does not place a period (.) in front of the LHS and RHS values when performing a search. Therefore, if the LHS and RHS values need to have a period placed in front of them, you must include the period in the values you set for --hesiodlhs and --hesiodrhs.

--enablesmbauth - Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells.
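The option descriptions above state several dependencies between switches (LDAP needs a server and base DN, the TLS choice should be explicit, Kerberos needs an account source). The following is an added example, not part of the original page: a small checker that reports those conditions for a line of options. The finding codes, host names, realm and DN are constructed for illustration.

```python
import shlex

def parse(line):
    """Map each --option in the line to its value ('' for bare switches)."""
    opts = {}
    for tok in shlex.split(line):
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            opts[name] = value
    return opts

def check(line):
    """Return (code, message) findings for constraints the descriptions state."""
    o, out = parse(line), []
    if "enableldap" in o or "enableldapauth" in o:
        for need in ("ldapserver", "ldapbasedn"):
            if not o.get(need):
                out.append((f"no-{need}", f"LDAP enabled without --{need}="))
        if "enableldaptls" in o and "disableldaptls" in o:
            out.append(("tls-conflict", "both TLS switches given"))
        elif "disableldaptls" in o:
            out.append(("ldap-no-tls", "LDAP lookups will not use TLS"))
        elif "enableldaptls" not in o:
            out.append(("tls-unset", "choose --enableldaptls or --disableldaptls"))
    if "enablenis" in o and not o.get("nisdomain"):
        out.append(("nis-domain", "NIS domain will be taken from the network"))
    if "enablekrb5" in o:
        # Kerberos only authenticates; accounts must come from a directory or useradd.
        if not any(k in o for k in ("enableldap", "enablenis", "enablehesiod")):
            out.append(("krb5-accounts", "no LDAP/NIS/Hesiod: accounts need useradd"))
        if " " in o.get("krb5kdc", ""):
            out.append(("krb5kdc-spaces", "KDC list must be comma-separated, no spaces"))
    for k in ("hesiodlhs", "hesiodrhs"):
        if k in o and not o[k].startswith("."):
            out.append((f"{k}-period", f"--{k} has no leading period; none is added"))
    return out

# Constructed sample option lines (hosts, realm and DN are placeholders).
WEAK = ('--enableldap --enableldapauth --ldapserver=ldap.example.com --disableldaptls '
        '--enablenis --enablekrb5 --krb5kdc="kdc1.example.com, kdc2.example.com"')
OK = ('--useshadow --enableldap --enableldapauth --ldapserver=ldap.example.com '
      '--ldapbasedn="dc=example,dc=com" --enableldaptls --enablekrb5 '
      '--krb5realm=EXAMPLE.COM --krb5kdc=kdc1.example.com,kdc2.example.com')

if __name__ == "__main__":
    for label, line in (("weak", WEAK), ("ok", OK)):
        print(label, [code for code, _ in check(line)])
```

The Hesiod finding is informational: a leading period is only required when the LHS and RHS values need one.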