Profiles and Features

Each profile has associated features you can enable to make the profile's service use a specific authentication method, such as smart card authentication, fingerprint authentication, Kerberos, and so on.

After you select a profile to make it active and enable the features you want, authselect reads the appropriate configuration files for those features to run the relevant authentication processes. Every user who signs in to the host is authenticated based on that configured profile.

To see a full list of features available for a specific profile, use the authselect show command:

authselect show profile

The output of the command shows the optional features available for the named profile. For example, the following extract shows the optional features available in the sssd profile:

authselect show sssd

...
AVAILABLE OPTIONAL FEATURES
---------------------------

with-faillock::
    Enable account locking in case of too many consecutive
    authentication failures.

with-mkhomedir::
    Enable automatic creation of home directories for users on their
    first login.
...

This information is also available in the profile's corresponding /usr/share/authselect/default/profile/README file.

For more information on how profile files are organized, see the authselect-profiles(5) manual page.