Managing User Authentication with Authselect

Objectives

After completing this section, students should be able to manage user authentication settings in PAM, NSS, and dconf using Authselect, and explain the differences between Authselect and Authconfig.

Introducing Authselect

Red Hat Enterprise Linux 8 ships with Authselect, which simplifies the configuration of user authentication, and replaces Authconfig. Authselect uses a different and safer approach, based on profiles that make configuration changes simpler for system administrators. Authselect is used to configure the usual authentication parameters such as passwords, certificates, smart cards, and fingerprints.

Features of Authselect

  • Adjusts PAM, NSS, and GNOME dconf settings.

  • Ships with three ready-to-use profiles: sssd, winbind, and nis.

  • pam_pwquality is enabled by default to enforce password quality restrictions on local users.

Comparing Authselect and Authconfig

  • Authselect uses tested profiles, instead of directly modifying the system authentication configuration files.

  • Authselect modifies only /etc/nsswitch.conf and the files under /etc/pam.d/ and /etc/dconf/db/distro.d/.

How to Use Authselect

  • Use the authselect list command to list the default and custom profiles.

  • The default profiles are stored in /usr/share/authselect/default.

  • Use the authselect create-profile command to create new custom profiles.

  • Custom profiles are stored in the /etc/authselect/custom/ directory.
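
The profile directories listed above, and the files Authselect manages, can be inspected directly on disk. The script below is an added example, not part of the course material; its function names are hypothetical, and it assumes the RHEL 8 layout in which /etc/nsswitch.conf and the PAM stack files are symbolic links into /etc/authselect/. On a live host, authselect list and authselect check remain the supported tools.

```shell
#!/bin/sh
# Added example (not from the course): audit the authselect layout under a root.
# Assumption: managed files are symlinks into /etc/authselect (RHEL 8 layout).

# Print profile IDs the way "authselect list" names them:
# default profiles by bare name, custom profiles as custom/NAME.
list_profiles() {
    lp_root="${1:-}"
    for lp_dir in "$lp_root"/usr/share/authselect/default/*/; do
        [ -d "$lp_dir" ] && basename "$lp_dir"
    done
    for lp_dir in "$lp_root"/etc/authselect/custom/*/; do
        [ -d "$lp_dir" ] && echo "custom/$(basename "$lp_dir")"
    done
    return 0
}

# Report whether each authentication file is still an authselect-managed symlink.
# A regular (hand-edited) or missing file is reported as UNMANAGED.
# Returns 1 if any file is unmanaged, 0 otherwise.
check_managed() {
    cm_root="${1:-}"
    cm_rc=0
    for cm_f in etc/nsswitch.conf etc/pam.d/system-auth etc/pam.d/password-auth; do
        # readlink fails on non-symlinks; treat that as an empty target.
        cm_target=$(readlink "$cm_root/$cm_f" 2>/dev/null || true)
        case "$cm_target" in
            *authselect/*) echo "managed /$cm_f" ;;
            *) echo "UNMANAGED /$cm_f"; cm_rc=1 ;;
        esac
    done
    return "$cm_rc"
}

# Usage: sh audit.sh --audit [ROOT]   (ROOT defaults to the live filesystem)
if [ "${1:-}" = "--audit" ]; then
    list_profiles "${2:-}"
    check_managed "${2:-}"
fi
```

An UNMANAGED result means the file was replaced or edited outside Authselect, so a later profile change may not take effect as expected for that file.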

When to use Authselect

  • Use authselect in local and semi-centralized identity management environments, such as Winbind or NIS.

  • Continue using ipa-client or realmd when the host is joined to a Red Hat Enterprise Linux Identity Management domain or an Active Directory domain. These tools correctly configure host authentication parameters on their own.

Note

The authselect-compat package provides a migration tool for /usr/sbin/authconfig that translates some authconfig calls into authselect calls. It provides only minimal backward compatibility, so you should use authselect instead.

References

authselect(8), authselect-migration(7), and authselect-profiles(5) man pages.

For more information, refer to the Configuring authentication on a Red Hat Enterprise Linux host guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_authentication_on_a_red_hat_enterprise_linux_host

Revision: rh354-8.0-0e36520