Chapter 1. Kickstart Installations
--enablekrb5
Use Kerberos 5 for authenticating users. Kerberos itself does not know about home
directories, UIDs, or shells. If you enable Kerberos, you must make users' accounts known
to this workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd
command to make their accounts known to this workstation. If you use this option, you must
have the pam_krb5 package installed.
--krb5realm=
The Kerberos 5 realm to which your workstation belongs.
--krb5kdc=
The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your
realm, separate their names with commas (,).
--krb5adminserver=
The KDC in your realm that is also running kadmind. This server handles password changing
and other administrative requests. This server must be run on the master KDC if you have
more than one KDC.
--enablehesiod
Enable Hesiod support for looking up user home directories, UIDs, and shells. More
information on setting up and using Hesiod on your network is in /usr/share/doc/
glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an
extension of DNS that uses DNS records to store information about users, groups, and
various other items.
--hesiodlhs
The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf. This option is used
by the Hesiod library to determine the name to search DNS for when looking up information,
similar to LDAP's use of a base DN.
--hesiodrhs
The Hesiod RHS ("right-hand side") option, set in /etc/hesiod.conf. This option is used
by the Hesiod library to determine the name to search DNS for when looking up information,
similar to LDAP's use of a base DN.
Tip
To look up user information for "jim", the Hesiod library looks up
jim.passwd<LHS><RHS>, which should resolve to a TXT record that looks
like what his passwd entry would look like (jim:*:501:501:Jungle
Jim:/home/jim:/bin/bash). For groups, the situation is identical, except
jim.group<LHS><RHS> would be used.
Looking up users and groups by number is handled by making "501.uid" a
CNAME for "jim.passwd", and "501.gid" a CNAME for "jim.group". Note that
the LHS and RHS do not have periods . put in front of them when the library
determines the name for which to search, so the LHS and RHS usually begin with
periods.
6
Need help?
Do you have a question about the ENTERPRISE LINUX 4 and is the answer not in the manual?