Installation guide

20 Chapter 1. Kickstart Installations
--enableldaptls
Use TLS (Transport Layer Security) lookups. This option allows LDAP to send
encrypted usernames and passwords to an LDAP server before authentication.
--enablekrb5
Use Kerberos 5 for authenticating users. Kerberos itself does not know about home
directories, UIDs, or shells. So if you enable Kerberos you will need to make users’
accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using
the /usr/sbin/useradd command to make their accounts known to this workstation.
If you use this option, you must have the pam_krb5 package installed.
--krb5realm
The Kerberos 5 realm to which your workstation belongs.
--krb5kdc
The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs
in your realm, separate their names with commas (,).
--krb5adminserver
The KDC in your realm that is also running kadmind. This server handles password
changing and other administrative requests. This server must be run on the master
KDC if you have more than one KDC.
--enablehesiod
Enable Hesiod support for looking up user home directories, UIDs, and
shells. More information on setting up and using Hesiod on your network is
in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the
glibc package. Hesiod is an extension of DNS that uses DNS records to store
information about users, groups, and various other items.
--hesiodlhs
The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf. This option is
used by the Hesiod library to determine the name to search DNS for when looking
up information, similar to LDAP’s use of a base DN.
--hesiodrhs
The Hesiod RHS ("right-hand side") option, set in /etc/hesiod.conf. This option
is used by the Hesiod library to determine the name to search DNS for when
looking up information, similar to LDAP’s use of a base DN.
Tip
To look up user information for "jim", the Hesiod library looks up
jim.passwd<LHS><RHS>, which should resolve to a TXT record that looks like what
his passwd entry would look like (jim:*:501:501:Jungle Jim:/home/jim:/bin/bash).
For groups, the situation is identical, except jim.group<LHS><RHS> would be used.
Looking up users and groups by number is handled by making "501.uid" a CNAME for
"jim.passwd", and "501.gid" a CNAME for "jim.group". Note that the LHS and RHS do not
have periods [.] put in front of them when the library determines the name for which to
search, so the LHS and RHS usually begin with periods.
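
The lookup described in this Tip, as an added example that is not part of the original guide: a Python model of how the name is assembled from the key, map type, LHS and RHS, how a "501.uid" CNAME leads to the same TXT record, and how that record parses as a passwd entry. The zone contents, the values ".ns" and ".example.com", and all function names are constructed for illustration; the leading-period check is this example's own strictness, not behaviour of the Hesiod library.

```python
# Added example: models the Hesiod name construction described in the Tip.
# The zone contents, ".ns" and ".example.com" are constructed sample values.
from collections import namedtuple

Passwd = namedtuple("Passwd", "name passwd uid gid gecos home shell")

# Constructed sample zone: name -> (record type, data)
ZONE = {
    "jim.passwd.ns.example.com": ("TXT", "jim:*:501:501:Jungle Jim:/home/jim:/bin/bash"),
    "501.uid.ns.example.com": ("CNAME", "jim.passwd.ns.example.com"),
}


def hesiod_name(key, map_type, lhs, rhs):
    """Build the DNS name as key.type + LHS + RHS, with no periods inserted."""
    for label, value in (("LHS", lhs), ("RHS", rhs)):
        # Nothing adds a separator, so a value without its own leading period
        # would fuse with the previous label; this example rejects it.
        if value and not value.startswith("."):
            raise ValueError(f"{label} {value!r} must begin with a period")
    return f"{key}.{map_type}{lhs}{rhs}"


def resolve_txt(name, zone, max_hops=8):
    """Follow CNAMEs in the sample zone until a TXT record is reached."""
    for _ in range(max_hops):
        rtype, data = zone[name]  # KeyError if the name does not exist
        if rtype == "TXT":
            return data
        name = data
    raise LookupError("CNAME chain too long")


def parse_passwd(txt):
    """Split a passwd-style TXT record into its seven fields."""
    fields = txt.split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 passwd fields, got {len(fields)}")
    return Passwd(fields[0], fields[1], int(fields[2]), int(fields[3]), *fields[4:])


def lookup_user(key, map_type, lhs=".ns", rhs=".example.com", zone=ZONE):
    return parse_passwd(resolve_txt(hesiod_name(key, map_type, lhs, rhs), zone))


if __name__ == "__main__":
    print(lookup_user("jim", "passwd"))  # lookup by name
    print(lookup_user("501", "uid"))     # lookup by number, via the CNAME
```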