SSL = SSLv1 or SSLv2
TLS = SSLv3

On 9/6/07, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> Thanks for reviewing.
>
> I'm on RHEL4 and was having all sorts of weird issues with using
> auth/authconfig.
>
> Does TLS == SSL for LDAP?
>
> Cheers,
> Harry
>
>
> mups.cp wrote:
> > The kickstart auth option allows setting most of the options you are setting
> > in %post.
> > http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
> > has all you need. Look for auth/authconfig
> >
> >
> >> %post
> >> # Setup LDAP
> >> #
> >> # equiv to running setup tool
> >> authconfig --kickstart --enableshadow --enablemd5 --enableldap
> >> --enableldapauth --ldapserver ldap.yourdomain.com --ldapbasedn
> >> dc=yourdomain,dc=com
> >
> > Use this outside %post. Look at the link above.
> >
> >
> >> #
> >> # Turn SSL on in the config files
> >> perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
> >> echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
> >> echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
> >
> > Again, not necessary if using the above --enableldaptls.
> >
> >> #
> >> # Create a directory to hold our Cert Auth certificate
> >> mkdir -p /etc/openldap/cacerts
> >> # Download the CA certificate
> >> wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
> >> #
> > OK
> >
> >> # Have PAM autocreate home directories upon login
> >> echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> >> umask=0077" >> /etc/pam.d/system-auth
> >
> > This is useful only if users connect through ssh.
> > Through samba use root preexec to create home dir automatically.
> > For Linux clients use autofs.
> >
> >> #
> >> # Ensure that local authorization is enough to get on the system
> >> # (i.e. root can login)
> >> perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/'
> >> /etc/sysconfig/authconfig
> >
> > My system works without changing this.

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list
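
The quoted %post script turns on `ssl on`, appends a `tls_cacertfile` line and adds an `ldaps://` URI; as an added example that is not part of any poster's message, this POSIX shell check reports which transport protection a client config selects and whether the CA file it names is actually present. The function names and the sample files are constructed for illustration, and the ldaps/starttls/plaintext classification is this example's own heuristic over the `ssl` and `uri` directives.

```shell
#!/bin/sh
# Added example, not from the thread: classify how an nss_ldap/pam_ldap-style
# ldap.conf protects the LDAP connection and confirm the CA file it names exists.

# Print the last value given for a directive; commented-out lines never match.
conf_value() {  # $1 = file, $2 = directive name in lower case
    awk -v key="$2" 'tolower($1) == key { v = $2 } END { print v }' "$1"
}

# Heuristic of this example: "ssl on" or an ldaps:// URI means LDAPS,
# "ssl start_tls" means StartTLS, anything else is treated as plaintext.
ldap_tls_mode() {  # $1 = file; prints ldaps | starttls | plaintext
    ssl=$(conf_value "$1" ssl)
    uri=$(conf_value "$1" uri)
    case "$ssl" in
        on)        echo ldaps ;;
        start_tls) echo starttls ;;
        *) case "$uri" in
               ldaps://*) echo ldaps ;;
               *)         echo plaintext ;;
           esac ;;
    esac
}

# Return 0 only when the transport is protected and the CA file is non-empty.
check_ldap_conf() {  # $1 = file
    mode=$(ldap_tls_mode "$1")
    ca=$(conf_value "$1" tls_cacertfile)
    echo "$1: mode=$mode tls_cacertfile=${ca:-unset}"
    [ "$mode" != plaintext ] || return 1
    [ -n "$ca" ] && [ -s "$ca" ] || return 2
    return 0
}

# Constructed sample input: one file as the thread's %post leaves it, one untouched.
demo=$(mktemp -d)
echo "constructed placeholder, not a real certificate" > "$demo/cacert.asc"
printf 'ssl on\ntls_cacertfile %s\n' "$demo/cacert.asc" > "$demo/after.conf"
printf '#ssl on\nssl no\n' > "$demo/before.conf"
check_ldap_conf "$demo/after.conf"  || echo "  -> failed with status $?"
check_ldap_conf "$demo/before.conf" || echo "  -> failed with status $?"
```

Status 1 means the config still allows a plaintext bind; status 2 means TLS is requested but the CA file is unset, missing or empty, which is the state left behind if the `wget` step fails.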