If you are performing a workstation or server installation, please skip
ahead to the section called Package Group Selection.

You may skip this section if you will not be setting up network
passwords. If you do not know whether you should do this, please ask
your system administrator for assistance.

Unless you are setting up NIS authentication, you will notice that only
MD5 and shadow passwords are selected (see Figure 3-17). We recommend you
use both to make your machine as secure as possible.
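
A check of what the two default options produce on an installed system, as an added example that is not part of the original guide: it reads passwd-format and shadow-format text and reports accounts whose hash is not shadowed or not in MD5 format. The sample accounts and hashes are constructed and the function names are this example's own; it assumes the usual conventions that an "x" in the passwd password field points to /etc/shadow, a `$1$` prefix marks an MD5-format hash, and a 13-character field is a traditional crypt hash.

```python
import stat

# Constructed sample files: not real accounts, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:abCDEFGHIJKLM:501:501::/home/bob:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
"""
SHADOW = """\
root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:11800:0:99999:7:::
alice:cdCDEFGHIJKLM:11800:0:99999:7:::
daemon:*:11800:0:99999:7:::
"""

def classify(field):
    """Name the storage scheme of one password field."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5"          # MD5-based crypt, the "Enable MD5 passwords" format
    if field.startswith("$"):
        return "other"        # some other $id$ scheme
    if len(field) == 13:
        return "des"          # traditional crypt: 2-char salt + 11-char hash
    return "unknown"

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs for accounts missing either option."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    findings = []
    for user, field in (l.split(":")[:2] for l in passwd_text.splitlines() if ":" in l):
        if field == "x":                      # "x" means: look in /etc/shadow
            field = shadow.get(user, "")
        elif classify(field) in ("des", "md5", "other"):
            findings.append((user, "hash in passwd, not shadowed"))
        if classify(field) == "des":
            findings.append((user, "traditional crypt hash, not MD5"))
        elif classify(field) == "empty":
            findings.append((user, "empty or missing password entry"))
    return findings

def root_only(mode):
    """True when group and others have no access bits on the file."""
    return stat.S_IMODE(mode) & 0o077 == 0
```

On a live system, pass `audit()` the contents of /etc/passwd and /etc/shadow (reading the latter requires root) and pass `root_only()` the `st_mode` returned by `os.stat("/etc/shadow")`.
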

To configure the NIS option, you must be connected to an NIS network. If
you are not sure whether you are connected to an NIS network, please ask
your system administrator.

Enable MD5 passwords — allows a long password to be used (up to 256
characters), instead of the standard eight letters or less.

Enable shadow passwords — provides a secure method for retaining
passwords. The passwords are stored in /etc/shadow, which can only be
read by root.

Enable NIS — allows you to run a group of computers in the same Network
Information Service domain with a common password and group file. You can
choose from the following two options:

  NIS Domain — allows you to specify the domain or group of computers
  your system belongs to.

  Use broadcast to find NIS server — allows you to broadcast a message to
  your local area network to find an available NIS server.

  NIS Server — causes your computer to use a specific NIS server, rather
  than broadcasting a message to the local area network asking for any
  available server to host your system.

Enable LDAP — tells your computer to use LDAP for some or all
authentication. LDAP consolidates certain types of information within
your organization. For example, all of the different lists of users
within your organization can be merged into one LDAP directory. For more
information about LDAP, refer to Lightweight Directory Access Protocol
(LDAP) in the Official Red Hat Linux Reference Guide. You can choose from
the following options:

  LDAP Server — allows you to access a specified server (by providing an
  IP address) running the LDAP protocol.

  LDAP Base DN — allows you to look up user information by its
  Distinguished Name (DN).

  Use TLS (Transport Layer Security) lookups — this option allows LDAP to
  send encrypted user names and passwords to an LDAP server before
  authentication.

Enable Kerberos — Kerberos is a secure system for providing network
authentication services. For more information about Kerberos, see Using
Kerberos 5 on Red Hat Linux in the Official Red Hat Linux Reference
Guide. There are three options to choose from here:

  Realm — this option allows you to access a network that uses Kerberos,
  composed of one or a few servers (also known as KDCs) and a potentially
  large number of clients.

  KDC — this option allows you to access the Key Distribution Center
  (KDC), a machine that issues Kerberos tickets and is sometimes called a
  Ticket Granting Server or TGS.

  Admin Server — this option allows you to access a server running
  kadmind.

Enable SMB Authentication — sets up PAM to use an SMB server to
authenticate users. You must supply two pieces of information here: