I got into a terrible mess yesterday, when I ran authconfig.gtk on my desktop, checking the ldap checkbox. This was one step in the saga of configuring openldap - possibly the worst-documented program in the history of computing. I actually have openldap working, but was trying to butter the cake by installing phpLDAPadmin . This again seemed to be working, but whatever I tried I got an authentication error. Hence the disastrous idea of running authconfig, which made the desktop seize up, and fail to re-boot, hanging at "Starting system message bus". I won't go into the subsequent torture, but it ended when I used Knoppix to delete all mention of ldap in /etc/nsswitch.conf . This led me to ponder authentication in Fedora. Is it really the complete shambles it seems to me to be? Are there several rival authentication methods: SASL, SSL, TLS, etc? How does one tell which to use? Is all this documented anywhere? I seem to have *.pem files all over the place. And how does all this fit in with /etc/pam.d/ ? And what does /etc/nsswitch.conf have to do with it? Is authentication under Fedora utterly confusing, or have I got hold of the wrong end of the stick?