Chapter 26. Authentication Configuration268• Use Shadow Passwords — Select this option to store passwords in shadow password format inthe /etc/shadow file instead of /etc/passwd. Shadow passwords are enabled by default duringinstallation and are highly recommended to increase the security of the system.The shadow-utils package must be installed for this option to work. For more information aboutshadow passwords, refer to the Users and Groups chapter in the Reference Guide.• Enable SMB Support — This option configures PAM to use an SMB server to authenticate users.Click the Configure SMB button to specify:• Workgroup — Specify the SMB workgroup to use.• Domain Controllers — Specify the SMB domain controllers to use.• Winbind — Select this option to configure the system to connect to a Windows Active Directory ora Windows domain controller. User information can be accessed, as well as server authenticationoptions can be configured.• Use MD5 Passwords — Select this option to enable MD5 passwords, which allows passwordsto be up to 256 characters instead of eight characters or less. It is selected by default duringinstallation and is highly recommended for increased security.26.3. Command Line VersionThe Authentication Configuration Tool can also be run as a command line tool with nointerface. The command line version can be used in a configuration script or a kickstart script. Theauthentication options are summarized in Table 26.1, “Command Line Options”.TipThese options can also be found in the authconfig man page or by typing authconfig--help at a shell prompt.Option Description--enableshadow Enable shadow passwords--disableshadow Disable shadow passwords--enablemd5 Enable MD5 passwords--disablemd5 Disable MD5 passwords--enablenis Enable NIS--disablenis Disable NIS--nisdomain= Specify NIS domain--nisserver= Specify NIS server--enableldap Enable LDAP for user information--disableldap Disable LDAP for user information--enableldaptls Enable use of TLS with LDAP--disableldaptls Disable use of TLS with LDAP--enableldapauth Enable LDAP for authentication
