Authentication Configuration

If you are performing a personal desktop, workstation, or server installation, please skip ahead to the next section. You may skip this section if you will not be setting up network passwords. If you do not know whether you should do this, ask your system administrator for assistance.

Unless you are setting up NIS (Network Information Service) authentication, you will notice that only MD5 and shadow passwords are selected (see Figure 2-25). We recommend you use both to make your machine as secure as possible.

To configure the NIS option, you must be connected to an NIS network. If you are not sure whether you are connected to an NIS network, ask your system administrator.

Figure 2-25. Authentication Configuration

The following list describes the options you can configure on the Authentication Configuration screen:

• Enable MD5 passwords — Allows a long password to be used (up to 256 characters), instead of the standard eight characters or less.

• Enable shadow passwords — Provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root.

• Enable NIS— Allows you to run a group of computers in the same NIS domain with a common password and group file. You can choose from the following options:

  • NIS Domain: Allows you to specify the domain or group of computers your system belongs to.

  • Use broadcast to find NIS server: Allows you to broadcast a message to your local area network to find an available NIS server.

  • NIS Server: Causes your computer to use a specific NIS server, rather than broadcasting a message to the local area network asking for any available server to host your system.

    Note

    If you have selected a medium or high firewall to be set up during this installation, network authentication methods (NIS and LDAP) will not work.

• Enable LDAP — Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization. For example, all of the different lists of users within your organization can be merged into one LDAP directory. For more information about LDAP, see the Official Red Hat Linux Administrator’s Guide from Red Hat Press. You can choose from the following options:

  • LDAP Server: Allows you to access a specified server (by providing an IP address) running the LDAP protocol.

  • LDAP Base DN: Allows you to look up user information by its Distinguished Name (DN).

  • Use TLS (Transport Layer Security) lookups: Allows LDAP to send encrypted user names and passwords to an LDAP server before authentication.

• Enable Kerberos — Kerberos is a secure system for providing network authentication services. For more information about Kerberos, see the Official Red Hat Linux Administrator’s Guide from Red Hat Press. There are three options to choose from here:

  • Realm: Allows you to access a network that uses Kerberos, composed of one or a few servers (also known as KDCs) and a potentially large number of clients.

  • KDC (Key Distribution Center): Allows you access to the KDC, a machine that issues Kerberos tickets (sometimes called a Ticket Granting Server or TGS).

  • Admin Server:Allows you to access a server running kadmind.

• Enable SMB Authentication — Configures PAM to use an SMB server to authenticate users. You must supply two pieces of information here:

  • SMB Server: Indicates which SMB server your workstation will connect to for authentication.

  • SMBWorkgroup: Indicates which workgroup the configured SMB servers are in.

    Tip

    To change your authentication configuration after you have completed the installation, click the Main Menu button and choose System Settings > Authentication (or type the authconfig command from a shell prompt) to launch the Authentication Configuration tool. If you are not logged in as root, Linux will prompt you for the root password to continue.