authconfig Command in Linux



authconfig is a command-line utility used in Linux to configure system authentication and user account settings. With the authconfig command, you can manage settings related to how users authenticate to the system, such as using passwords, smart cards, or biometric factors. It allows you to configure various sources of user data, including LDAP, SSSD, NIS, Kerberos, and Winbind.

How to Install authconfig Command in Linux?

The authconfig command is preinstalled on most Linux distributions. However, if the utility is accidentally removed, you can install it from your distribution's official repository.

On Debian-based systems, you can try installing authconfig with the apt utility using the following command −

sudo apt install authconfig

However, on some Debian-based distributions like Ubuntu, the authconfig command is not packaged. Instead, you can use SSSD (System Security Services Daemon) for system authentication configuration, which can be installed with the following command −

sudo apt install ldap-auth-config

RHEL users can install the authconfig utility on their systems with the command below −

sudo yum install authconfig

Fedora users can use dnf utility instead of yum to install authconfig command on their systems −

sudo dnf install authconfig

Note − You can also install the authconfig GUI version by replacing the authconfig with the authconfig-gtk in the above-provided commands.

Syntax for authconfig Command in Linux

The syntax to use the authconfig command on Linux is provided below −

authconfig [options]

Here, the authconfig keyword will invoke the authconfig command followed by the options that you have to specify to adjust the authentication settings according to your choice.

Different Options Available for authconfig Command

With authconfig command, different options can be used, which are mentioned in the table provided below −

Option                 Description
--test                 Used for testing purposes, often enabling additional logging or diagnostics.
--update               Indicates an update operation (e.g., software updates or configuration changes).
--updateall            Similar to --update, but applies to all components or entities within the system.
--probe                Triggers a probing or discovery process (e.g., checking availability or status of services).
--restorebackup        Restores a backup (additional parameters specify which backup to restore).
--savebackup           Saves a backup of data or configuration (useful before making changes).
--restorelastbackup    Restores the most recent backup available.
--nostart              Prevents a service or process from starting (useful for troubleshooting or maintenance).
--enablenis            Enables Network Information Service (NIS) integration.
--enableldap           Enables Lightweight Directory Access Protocol (LDAP) integration.
--enablewinbind        Enables integration with Windows domains using the Winbind service.
--enablehesiod         Enables Hesiod name services (mapping usernames to other information).
--enableshadow         Enables shadow password support (storing password hashes separately).
--enableldapauth       Enables LDAP-based authentication for user logins.
--enablekrb5           Enables Kerberos authentication (common in secure network environments).
--enablewinbindauth    Enables authentication via Winbind.
--enable               Generic option to enable a feature or component.
--disable              Generic option to disable a feature or component.
--passalgo             Specifies the password hashing algorithm to use.
--enablelocauthorize   Enables local authorization (using local user/group databases).
--enablesysnetauth     Enables authentication via the System Security Services Daemon (SSSD).
--enablesssd           Enables SSSD, providing identity and authentication services.
--enablesssdauth       Enables SSSD-based authentication.

Examples of authconfig Command in Linux

Let’s discuss a few examples of authconfig commands on Linux systems. This will help you in learning how to get started with the command.

Display the Current Configuration

If you want to check the current authentication configuration on your system, you can use the authconfig command with the --test flag. It will display your system’s authentication resources without making any changes to them. The command is provided below −

authconfig --test

Configure the Password Hashing Algorithm on a Server

If you want to change the current password hashing algorithm on a server, you can do this by using the --passalgo option. However, before that, determine the current hashing algorithm using the following command −

authconfig --test | grep hashing

After that, you can use the below-given syntax to change the password hashing algorithm −

authconfig --update --passalgo=hashing_algorithm

The --update option must be used to update the configuration. Replace hashing_algorithm with any of the following hashing algorithms −

  • md5
  • sha256
  • sha512
  • descrypt
  • bigcrypt

For example, to switch to sha256 hashing algorithm, use the below-given command −

authconfig --update --passalgo=sha256
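
Changing --passalgo affects only passwords set afterwards; entries already in /etc/shadow keep their old hash until the user changes the password. The script below is an added example, not part of the original page: it classifies shadow entries by their crypt(3) prefix to find accounts whose stored hash still uses md5 or a DES-based scheme (descrypt, bigcrypt). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify password hashes in shadow(5)-format input by
# their crypt(3) prefix, to find accounts still on an older algorithm
# after --passalgo has been changed.

# classify_hash HASH -> prints an algorithm label for one hash field
classify_hash() {
    case "$1" in
        ''|'!'*|'*'*) echo locked ;;   # no usable password set
        '$1$'*)       echo md5 ;;
        '$5$'*)       echo sha256 ;;
        '$6$'*)       echo sha512 ;;
        '$'*)         echo other ;;    # scheme not covered on this page
        *)            echo des ;;      # descrypt/bigcrypt: no $ prefix
    esac
}

# weak_accounts FILE -> prints "user algo" for every md5 or DES entry
weak_accounts() {
    while IFS=: read -r user hash _rest; do
        algo=$(classify_hash "$hash")
        case "$algo" in
            md5|des) echo "$user $algo" ;;
        esac
    done < "$1"
}

# Constructed sample entries (hash bodies are placeholders, not real hashes)
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$saltsalt$placeholderhashbody:19000:0:99999:7:::
alice:$1$saltsalt$placeholderhashbody:18000:0:99999:7:::
bob:$5$saltsalt$placeholderhashbody:19000:0:99999:7:::
legacy:ab0123456789A:15000:0:99999:7:::
daemon:*:18000:0:99999:7:::
EOF

weak_accounts "$sample"
rm -f "$sample"
# On a live system (as root): weak_accounts /etc/shadow
```

Accounts it lists need a password change before their hash is stored with the new algorithm.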

Enable Network Information Service (NIS)

Network Information Service (NIS) simplifies network administration by providing centralized control over various network information. It stores details about workstations, users, the network, and services. You can enable the NIS on your Linux system by using the following command −

authconfig --update --enablenis

Enable Kerberos Authentication

Kerberos authentication is a secure network authentication protocol that allows clients and servers to verify each other’s identities. You can enable the Kerberos authentication on your Linux system by using the --enablekrb5 option with the authconfig command −

authconfig --update --enablekrb5

Enable LDAP Authentication

If you want to configure the system to authenticate users against an LDAP directory service, you can use the --enableldapauth option. This will enable the LDAP authentication on your Linux system −

authconfig --update --enableldapauth

Restore a Backup

The authconfig command automatically creates a backup snapshot of the configuration files before any changes are made. These backups are stored in the /var/lib/authconfig/backup-config_backup/ directory. You can restore a backup created by authconfig, by name, using the following command −

authconfig --restorebackup=config_backup

Here, replace the config_backup with the actual name of the backup you want to restore.

Prevent Immediate Service Start

If you want to prevent immediate service start after the authconfig command is executed, you can use the --nostart option. The command for such a process is as follows −

authconfig --nostart

For example, let’s restore the last automatic backup of configuration files modified by authconfig and prevent immediate service start using the command below −

authconfig --restorelastbackup --nostart

That’s how you can use the authconfig command on Linux to perform several activities on your system.

Note − The authconfig-tui is a text-based user interface for the authconfig command. However, it has been deprecated, and no new configuration settings will be supported through its TUI. You can use the system-config-authentication GUI or the command-line interface for managing authentication configuration on your Linux system.

Return Codes − When you use the authconfig command, it returns 0 if everything goes well (success) and 2 if there’s an error. authconfig-tui also returns 0 for success and 2 for an error. However, if you decide to cancel the program (by clicking Cancel or Back), it returns 1.
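
The backup options and return codes described above can be combined so that a failed change is rolled back automatically. The wrapper below is an added example, not part of the original page or of authconfig itself; safe_update, the AUTHCONFIG variable, the backup name, and exit status 3 are names and values chosen for this example.

```shell
#!/bin/sh
# Added example: apply an authconfig change with a named backup taken
# first and an automatic rollback if the update fails.
# AUTHCONFIG and safe_update are names chosen for this example.

AUTHCONFIG=${AUTHCONFIG:-authconfig}

# safe_update BACKUP_NAME OPTION...
# Returns 0 on success, authconfig's exit status if the update failed
# (after restoring the backup), or 3 if no backup could be saved.
safe_update() {
    backup=$1; shift
    if ! "$AUTHCONFIG" --savebackup="$backup"; then
        echo "could not save backup '$backup'; nothing changed" >&2
        return 3
    fi
    rc=0
    "$AUTHCONFIG" --update "$@" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "update failed (exit $rc); restoring '$backup'" >&2
        "$AUTHCONFIG" --restorebackup="$backup" ||
            echo "restore of '$backup' failed; fix manually" >&2
        return "$rc"
    fi
    # Show the resulting hashing setting without changing anything
    "$AUTHCONFIG" --test | grep -i hashing || true
    return 0
}

# Run as root, e.g.: sh safe-update.sh pre-sha512 --passalgo=sha512
if [ "$#" -gt 0 ]; then
    safe_update "$@"
fi
```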

Files − Several files on your Linux system are associated with authconfig. They are listed in the table below −

File                         Description
/etc/sysconfig/authconfig    It tracks whether specific authentication mechanisms are enabled. It includes variables like USEMD5, USEKERBEROS, USESHADOW, and more.
/etc/yp.conf                 Configuration file for NIS (Network Information Service) support.
/etc/passwd                  Used for shadow password support.
/etc/ldap.conf               Used to configure LDAP.
/etc/krb5.conf               Configuration file for Kerberos 5.
/etc/hesiod.conf             Configuration file for Hesiod.
/etc/krb.conf                Used for configuring Kerberos.
/etc/sysconfig/network       Another configuration file related to NIS support.
/etc/pam_smb.conf            Used to configure SMB (Server Message Block) authentication.
/etc/samba/smb.conf          Configuration file for winbind authentication.
/etc/nsswitch.conf           Configures user information services.
/etc/pam.d/system-auth       Common PAM (Pluggable Authentication Module) configuration for system services. It’s created as a symlink and not relinked if it points to another file.
/etc/pam.d/system-auth-ac    Contains the actual PAM configuration for system services and is the default target of the /etc/pam.d/system-auth symlink. If a local PAM configuration is created, this file can be included there.

Conclusion

authconfig is a robust command-line utility for configuring system authentication and user account settings on Linux systems. This guide has covered the installation, syntax, options, and examples of the authconfig command on Linux. Working through these examples will give you adequate information about the authconfig command and how to use it on Linux. Don’t forget to try all options as they will be crucial for your projects.
