Authentication Configuration
If you are performing a workstation-class installation, please skip ahead to the section called GUI X Configuration Tool.
If you are performing a server-class installation, please skip ahead to the section called Preparing to Install.
You may skip this section if you will not be setting up network passwords. If you are unsure as to whether you should do this, please ask your system administrator for assistance.
Unless you are setting up NIS authentication, you will notice that both MD5 and shadow passwords are selected (see Figure 15-20). We recommend you use both to make your machine as secure as possible.
To configure the NIS option, you must be connected to an NIS network. If you are unsure whether you are connected to an NIS network, please ask your system administrator.
MD5 Password -- allows a long password to be used (up to 256 characters), instead of the standard eight letters or less.
Shadow Password -- provides a secure method of retaining passwords. The passwords are stored in /etc/shadow, which is readable only by root.
Enable NIS -- allows you to run a group of computers in the same Network Information Service domain with a common password and group file. There are two options to choose from here:
NIS Domain -- this option allows you to specify which domain or group of computers your system belongs to.
NIS Server -- this option causes your computer to use a specific NIS server, rather than "broadcasting" a message to the local area network asking for any available server to host your system.
Enable LDAP -- LDAP consolidates certain types of information within your organization. For example, all of the different lists of users within your organization can be merged into one LDAP directory. For more information about LDAP, refer to Chapter 7. There are two options to choose from here:
LDAP Server -- this option allows you to access a server running the LDAP protocol.
LDAP Base DN -- this option allows you to look up user information by its Distinguished Name (DN).
Enable Kerberos -- Kerberos is a secure system for providing network authentication services. For more information about Kerberos, see Chapter 8. There are three options to choose from here:
Realm -- this option allows you to access a network that uses Kerberos, composed of one or a few servers (also known as KDCs) and a (potentially very large) number of clients.
KDC -- this option allows you access to the Key Distribution Center (KDC), a machine that issues Kerberos tickets (sometimes called a Ticket Granting Server or TGS).
Admin Server -- this option allows you to access a server running kadmind.