autofs_ldap_auth.conf man page on Oracle

Man page or keyword search:  
man Server   33470 pages
apropos Keyword Search (all sections)
Output format
Oracle logo
[printable version]

AUTOFS_LDAP_AUTH.CONF(5)			      AUTOFS_LDAP_AUTH.CONF(5)

NAME
       autofs_ldap_auth.conf - autofs LDAP authentication configuration

DESCRIPTION
       LDAP  authenticated  binds, TLS encrypted connections and certification
       may be used by setting appropriate values in the autofs	authentication
       configuration  file  and	 configuring  the LDAP client with appropriate
       settings.     The    default    location	   of	  this	   file	    is
       /etc/autofs_ldap_auth.conf.  If this file exists it will be used to es‐
       tablish whether TLS or authentication should be used.

       An example of this file is:

	 <?xml version="1.0" ?>
	 <autofs_ldap_sasl_conf
		 usetls="yes"
		 tlsrequired="no"
		 authrequired="no"
		 authtype="DIGEST-MD5"
		 user="xyz"
		 secret="abc"
	 />

       If TLS encryption is to be used the location of the Certificate Author‐
       ity certificate must be set within the LDAP client configuration in or‐
       der to validate the server certificate. If, in  addition,  a  certified
       connection  is  to  be used then the client certificate and private key
       file locations must also be configured within the LDAP client.

OPTIONS
       This files contains a single XML	 element,  as  shown  in  the  example
       above, with several attributes.

       The possible attributes are:

       usetls="yes"|"no"
	      Determines  whether  an  encrypted connection to the ldap server
	      should be attempted.

       tlsrequired="yes"|"no"
	      This flag tells whether the ldap connection must	be  encrypted.
	      If  set  to  "yes", the automounter will fail to start if an en‐
	      crypted connection cannot be established.

       authrequired="yes"|"no"|"autodetect"|"simple"
	      This option tells whether an  authenticated  connection  to  the
	      ldap server is required in order to perform ldap queries. If the
	      flag is set to yes, only sasl authenticated connections will  be
	      allowed.	If  it	is set to no then authentication is not needed
	      for ldap server connections. If it is set to autodetect then the
	      ldap server will be queried to establish a suitable sasl authen‐
	      tication	mechanism. If no suitable mechanism can be found, con‐
	      nections to the ldap server are made without authentication. Fi‐
	      nally, if it is set to simple, then simple  authentication  will
	      be used instead of SASL.

       authtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5|EXTERNAL"
	      This attribute can be used to specify a preferred authentication
	      mechanism.  In normal operations, the automounter	 will  attempt
	      to  authenticate to the ldap server using the list of supported‐
	      SASLmechanisms obtained from the directory  server.   Explicitly
	      setting the authtype will bypass this selection and only try the
	      mechanism specified. The EXTERNAL mechanism may be used  to  au‐
	      thenticate  using a client certificate and requires that authre‐
	      quired set to "yes" if using SSL or usetls, tlsrequired and  au‐
	      threquired  all  set  to	"yes" if using TLS, in addition to au‐
	      thtype being set to EXTERNAL.

	      If using authtype EXTERNAL two additional configuration  entries
	      are required:

	      external_cert="<client certificate path>"

	      This  specifies  the path of the file containing the client cer‐
	      tificate.

	      external_key="<client certificate key path>"

	      This specifies the path of the file containing the  client  cer‐
	      tificate key.

	      These two configuration entries are mandatory when using the EX‐
	      TERNAL method as the HOME environment variable cannot be assumed
	      to be set or, if it is, to be set to the location we expect.

       user="<username>"
	      This attribute holds the authentication identity used by authen‐
	      tication mechanisms that require it.  Legal values for this  at‐
	      tribute include any printable characters that can be used by the
	      selected authentication mechanism.

       secret="<password>"
	      This attribute holds the secret used  by	authentication	mecha‐
	      nisms  that  require it. Legal values for this attribute include
	      any printable characters that can be used by  the	 selected  au‐
	      thentication mechanism.

       encoded_secret="<base64 encoded password>"
	      This attribute holds the base64 encoded secret used by authenti‐
	      cation mechanisms that require it. If this entry is  present  as
	      well as the secret entry this value will take precedence.

       clientprinc="<GSSAPI client principal>"
	      When  using GSSAPI authentication, this attribute is con‐
	      sulted to determine the principal name to	 use  when  au‐
	      thenticating  to	the  directory server. By default, this
	      will be set to "autofsclient/<fqdn>@<REALM>.

       credentialcache="<external credential cache path>"
	      When using GSSAPI authentication, this attribute	can  be
	      used to specify an externally configured credential cache
	      that is used during authentication.  By  default,	 autofs
	      will setup a memory based credential cache.

SEE ALSO
       auto.master(5),

AUTHOR
       This manual page was written by Ian Kent <raven@themaw.net>.

				  19 Feb 2010	      AUTOFS_LDAP_AUTH.CONF(5)
[top]

List of man pages available for Oracle

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net