English Chinese (Traditional) (zh_TW)
{sysconfdir}/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = default
[domain/default]
id_provider = ldap
ldap_uri = _srv_
dns_discovery_domain = myrealm
And here is a configuration snippet for the same domain but now the authentication is done over Kerberos. The KDC server is auto-discovered through DNS lookups.
[domain/default]
id_provider = ldap
auth_provider = krb5
ldap_uri = _srv_
krb5_server = _srv_
krb5_realm = MYREALM
dns_discovery_domain = myrealm
If you want to configure SSSD for an IPA or Active Directory domain, use the `realm` tool. This will perform an initial setup which involves creating a Kerberos keytab and generating basic SSSD configuration. You can then tune it up by modifying {sysconfdir}/sssd/sssd.conf.
WINBIND
If you want to configure the machine to use Winbind, use `realm`. This will perform an initial setup which involves creating a Kerberos keytab and running `adcli` to join the domain. It also makes changes to `smb.conf`. You can then tune it up by modifying {sysconfdir}/samba/smb.conf.
NIS
There are several places that needs to be configured in order to make NIS authentication work. First, you need to set NIS domain and optionally also NIS server in {sysconfdir}/yp.conf.
{sysconfdir}/yp.conf
domain mydomain broadcast
# or
# domain mydomain server myserver
NIS domain must be also set in system network configuration.
{sysconfdir}/sysconfig/network
NISDOMAIN=mydomain
Now, you can set the domain name with command line so there is no need to reboot your system. Additionaly, it may be necessary to enable NIS in selinux.
$ domainname mydomain
$ setsebool -P allow_ypbind 1
PASSWORD QUALITY
Authselect enables `pam_pwquality` module to enforce password quality restrictions. This module is enabled only for local users. Remote users should use the password policy that is enforced by the respective remote server.
The `pam_pwquality` module can be configured in {sysconfdir}/security/pwquality.conf. See pam_pwquality(8) to see its configuration options and defaults.