Authentication Configuration

If you are performing a custom installation, your next step is to configure the type of password authentication your Red Hat Linux system will use (see Figure 14-33). You will also have the opportunity to configure NIS support; If you are unsure as to whether or not you should do this, ask your network administrator.

Here's a brief explanation of the authentication password prompts:

• Use Shadow Passwords -- provides a very secure method of retaining passwords for you. The password filed in the /etc/passwd file is replaced by /etc/shadow which is readable only by root.

• Enable MD5 Passwords -- allows a long password to be used (up to 256 characters) instead of the standard eight letters or less.

• Enable NIS -- allows you to run a group of computers in the same Network Information Service domain with a common password and group file. There are two options here to choose from:

  • NIS Domain -- this option allows you to specify which domain or group of computers your system will belong to.

  • NIS Server -- this option causes your computer to use a specific NIS server, rather than "broadcasting" a message to the local area network asking for any available server to host your system.

• Enable LDAP -- LDAP consolidates certain types of information within your organization. For example, all of the different lists of users within your organization can be merged into one LDAP directory. For more information about LDAP, refer to Chapter 7. There are two options to choose from here:

  • LDAP Server -- this option allows you to access a server running the LDAP protocol.

  • LDAP Base DN -- this option allows you to look up user information by its Distinguished Name (DN).

• Enable Kerberos -- Kerberos is a secure system for providing network authentication services. For more information about Kerberos, see Chapter 8. There are three options to choose from here:

  • Realm -- this option allows you to access a network that uses Kerberos, composed of one or a few servers (also known as KDCs) and a (potentially very large) number of clients.

  • KDC -- this option allows you access to the Key Distribution Center (KDC), a machine that issues Kerberos tickets (sometimes called a Ticket Granting Server or TGS).

  • Admin Server -- this option allows you to access a server running kadmind.

	Please Note
	To configure the NIS option, you must be connected to an NIS network. If you are unsure whether you are connected to an NIS network, please ask your network administrator.

Unless you are setting up NIS, you will notice that both shadow passwords and MD5 passwords are selected. We recommend you use both to make your machine as secure as possible.