Installation guide
--ldapserver= — If you specified either --enableldap or --enableldapauth, use
this option to specify the name of the LDAP server to use. This option is set in the
/etc/ldap.conf file.
--ldapbasedn= — If you specified either --enableldap or --enableldapauth, use
this option to specify the DN in your LDAP directory tree under which user information is
stored. This option is set in the /etc/ldap.conf file.
--enableldaptls — Use TLS (Transport Layer Security) lookups. This option allows
LDAP to send encrypted usernames and passwords to an LDAP server before
authentication.
--enablekrb5 — Use Kerberos 5 for authenticating users. Kerberos itself does not
know about home directories, UIDs, or shells. If you enable Kerberos, you must make
users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by
using the /usr/sbin/useradd command. If you use this option, you must have the
pam_krb5 package installed.
--krb5realm= — The Kerberos 5 realm to which your workstation belongs.
--krb5kdc= — The KDC (or KDCs) that serve requests for the realm. If you have
multiple KDCs in your realm, separate their names with commas (,).
--krb5adminserver= — The KDC in your realm that is also running kadmind. This
server handles password changing and other administrative requests. This server must
be run on the master KDC if you have more than one KDC.
--enablehesiod — Enable Hesiod support for looking up user home directories, UIDs,
and shells. More information on setting up and using Hesiod on your network is in
/usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc
package. Hesiod is an extension of DNS that uses DNS records to store information
about users, groups, and various other items.
--hesiodlhs — The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf.
This option is used by the Hesiod library to determine the name to search DNS for when
looking up information, similar to LDAP's use of a base DN.
--hesiodrhs — The Hesiod RHS ("right-hand side") option, set in
/etc/hesiod.conf. This option is used by the Hesiod library to determine the name to
search DNS for when looking up information, similar to LDAP's use of a base DN.
Note
To look up user information for "jim", the Hesiod library looks up
jim.passwd<LHS><RHS>, which should resolve to a TXT record that looks like his
passwd entry would (jim:*:501:501:Jungle Jim:/home/jim:/bin/bash). For groups,
the situation is identical, except that jim.group<LHS><RHS> is used.
Looking up users and groups by number is handled by making "501.uid" a
CNAME for "jim.passwd", and "501.gid" a CNAME for "jim.group". Note that the
library does not insert a period (.) in front of the LHS and RHS values when
performing a search. Therefore, if a period is required, the LHS and RHS values
themselves must begin with one.
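The Hesiod lookup described in the note above, as an added Python example (not code from the guide or from the Hesiod library): it composes the query name the way the text says the library does, with no period inserted between the type and the LHS/RHS, resolves TXT and CNAME records in a constructed in-memory zone, and parses the passwd-style TXT record. The LHS ".ns", RHS ".example.com" and the zone contents are assumptions.

```python
# Added example, not from the Red Hat guide or the Hesiod library: emulates the
# name composition and record lookup described in the note, against a constructed
# in-memory "zone" (LHS ".ns" and RHS ".example.com" are assumed values).
from typing import Optional

# Constructed DNS zone: fully qualified name -> (record type, value).
ZONE = {
    "jim.passwd.ns.example.com": ("TXT", "jim:*:501:501:Jungle Jim:/home/jim:/bin/bash"),
    "jim.group.ns.example.com": ("TXT", "jim:*:501:"),
    "501.uid.ns.example.com": ("CNAME", "jim.passwd.ns.example.com"),
    "501.gid.ns.example.com": ("CNAME", "jim.group.ns.example.com"),
}

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")


def hesiod_name(key: str, hes_type: str, lhs: str, rhs: str) -> str:
    """Build the query name as the library does: key.type + LHS + RHS with NO
    separator inserted, so LHS and RHS must carry their own leading period."""
    return f"{key}.{hes_type}{lhs}{rhs}"


def resolve(name: str, depth: int = 0) -> Optional[str]:
    """Return the TXT value for name, following CNAMEs (bounded to avoid loops)."""
    rec = ZONE.get(name)
    if rec is None or depth > 4:
        return None
    rtype, value = rec
    if rtype == "CNAME":
        return resolve(value, depth + 1)
    return value


def parse_passwd(txt: str) -> Optional[dict]:
    """Split a passwd-style TXT record into fields; reject malformed records."""
    parts = txt.split(":")
    if len(parts) != len(PASSWD_FIELDS) or not parts[2].isdigit() or not parts[3].isdigit():
        return None
    entry = dict(zip(PASSWD_FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry


def lookup_user(key, lhs: str = ".ns", rhs: str = ".example.com") -> Optional[dict]:
    """Look up by login name ('jim' -> jim.passwd...) or by uid (501 -> 501.uid...)."""
    hes_type = "uid" if isinstance(key, int) else "passwd"
    txt = resolve(hesiod_name(str(key), hes_type, lhs, rhs))
    return parse_passwd(txt) if txt is not None else None
```

Calling lookup_user("jim", lhs="ns") returns None because the composed name becomes jim.passwdns.example.com, which is the misconfiguration the note warns about.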
Red Hat Enterprise Linux 5 Installation Guide
286