It would be nice to have a "use Unix accounts if all else fails"
option for authconfig, in the Authentication section. Or some way of
specifying "Only use method X for UIDs greater than Y" for each
For example, I wanted to set up a system here where UIDs >= 500 were
authenticated against Active Directory (using Kerberos), but UIDs <
500 were authenticated with pam_unix.
After manually editing /etc/krb5.conf to not auth users with UIDs <
500, I had to edit /etc/pam.d/system-auth manually to change pam_krb5
to [default=ignore ...]
This is too complicated request for the authconfig UI which should be as simple
as possible. Sysadmin with such request should be experienced enough to edit the
configuration files by hand.