SoFunction
Updated on 2025-04-11

Interpretation of the use of authconfig command in Linux system

Use of Linux authconfig command

authconfigIt is a command line tool for configuring Linux system authentication and account management settings, mainly used in Linux distributions of the Red Hat series such as RHEL, CentOS, and Fedora.

It provides a convenient way to configure PAM (Pluggable Authentication Modules), NSS (Name Service Switch), and LDAP, Kerberos, NIS and other authentication mechanisms.

passauthconfig, administrators can easily adjust how the system handles tasks such as user authentication, account information retrieval, etc.

Basic syntax

sudo authconfig [Options]

Common options

  • --enableldap: Enable LDAP authentication.
  • --enableldapauth: Use LDAP for authentication.
  • --ldapserver=URL: Specify the URL of the LDAP server.
  • --ldapbasedn=DN: Set the basic DN of LDAP (Distinguished Name).
  • --enablekrb5: Enable Kerberos authentication.
  • --enablekrb5kdcdns: Use DNS to find KDC (Key Distribution Center).
  • --enablemkhomedir: Automatically create the user's home directory.
  • --enableshadow: Enable shadow password.
  • --passalgo=algorithm: Set password encryption algorithm, such as md5, sha256, sha512, etc.
  • --update: Apply changes and update the configuration file.

Example

  • Enable LDAP authentication:
  • If you want the system to use LDAP for user authentication, you can run:
sudo authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=example,dc=com" --update
  • Enable Kerberos authentication:
  • To enable Kerberos authentication and assuming that KDC can be found via DNS, you can use:
sudo authconfig --enablekrb5 --enablekrb5kdcdns --update
  • Automatically create user home directory:
  • When a new user logs in for the first time, he or she automatically creates a home directory for her or her:
sudo authconfig --enablemkhomedir --update
  • Set password encryption algorithm to SHA-512:
  • Change the password encryption algorithm used by the system to SHA-512:
sudo authconfig --passalgo=sha512 --update
  • View the current configuration:
  • If you want to view the current authentication and account management configuration, you can use--testparameter:
sudo authconfig --test

This command will not make any changes to the system, but will display the current configuration status.

  • Enable shadow password and MD5 encryption
sudo authconfig --enableshadow --enablemd5 --update

Enable shadow password and MD5 encryption and update the configuration file.

  • Enable Winbind authentication
sudo authconfig --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm= --smbworkgroup=WORKGROUP --update

Enable Winbind authentication, set Samba security mode, domain, and workgroups, and update configuration files.

  • Test configuration
sudo authconfig --enableldap --enableldapauth --ldapserver= --ldapbasedn="dc=example,dc=com" --test

Test the LDAP authentication configuration, but do not apply changes.

Summarize

The above is personal experience. I hope you can give you a reference and I hope you can support me more.