Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentENTERPRISE LINUX 5 - DEPLOYMENT

261

262

263

264

265

266

267

268

269

270

about users (UIDs, home directories, shells, etc.) from an LDAP directory. To use this op-

tion, you must install the nss_ldap package. You must also specify a server and a base DN

(distinguished name) with --ldapserver= and --ldapbasedn=.

--enableldapauth

Use LDAP as an authentication method. This enables the pam_ldap module for authentica-

tion and changing passwords, using an LDAP directory. To use this option, you must have

the nss_ldap package installed. You must also specify a server and a base DN with -

-ldapserver= and --ldapbasedn=.

--ldapserver=

If you specified either --enableldap or --enableldapauth, use this option to specify the name

of the LDAP server to use. This option is set in the /etc/ldap.conf file.

--ldapbasedn=

If you specified either --enableldap or --enableldapauth, use this option to specify the DN in

your LDAP directory tree under which user information is stored. This option is set in the /

etc/ldap.conf file.

--enableldaptls

Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted

usernames and passwords to an LDAP server before authentication.

--enablekrb5

Use Kerberos 5 for authenticating users. Kerberos itself does not know about home direct-

ories, UIDs, or shells. If you enable Kerberos, you must make users' accounts known to this

workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command.

If you use this option, you must have the pam_krb5 package installed.

--krb5realm=

The Kerberos 5 realm to which your workstation belongs.

--krb5kdc=

The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your

realm, separate their names with commas (,).

--krb5adminserver=

The KDC in your realm that is also running kadmind. This server handles password chan-

ging and other administrative requests. This server must be run on the master KDC if you

have more than one KDC.

--enablehesiod

Enable Hesiod support for looking up user home directories, UIDs, and shells. More inform-

ation on setting up and using Hesiod on your network is in /

usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod

is an extension of DNS that uses DNS records to store information about users, groups, and

various other items.

--hesiodlhs

The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf. This option is used by

the Hesiod library to determine the name to search DNS for when looking up information,

similar to LDAP's use of a base DN.

4. Kickstart Options

246