Bug 610818
| Summary: | authconfig options for disabling sssd do not to work | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Chris Paulson-Ellis <chris> |
| Component: | authconfig | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 13 | CC: | tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-07-07 08:13:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 605857 *** |
I've been trying to get fc13 authconfig to reproduce my existing working config which it configured when the system was running fc11. I'm doing this as a prelude to adding sssd to try and fix ldap boot delay problems. However, if I use the same authconfig options as I used back when the system ran f11, but with the new sssd disable options, I end up with a system with sssd enabled (and not working)... # rpm -q authconfig authconfig-6.1.4-2.fc13.x86_64 # authconfig --savebackup=pre_sssd # authconfig --update \ --enablekrb5 --enablekrb5realmdns --enablekrb5kdcdns \ --enableldap --ldapbasedn=dc=edesix,dc=com \ --disablesssd --disablesssdauth # authconfig --savebackup=no_sssd # # Authentication is now broken. # authconfig --restorebackup=pre_sssd # diff /var/lib/authconfig/backup-{pre,no}_sssd/password-auth-ac 7c7 < auth sufficient pam_krb5.so use_first_pass --- > auth sufficient pam_sss.so use_first_pass 13c13 < account [default=bad success=ok user_unknown=ignore] pam_krb5.so --- > account [default=bad success=ok user_unknown=ignore] pam_sss.so 18d17 < password sufficient pam_krb5.so use_authtok 25c24 < session optional pam_krb5.so --- > session optional pam_sss.so # # The diff of system-auth-ac is the same. # diff /var/lib/authconfig/backup-{pre,no}_sssd/nsswitch.conf 33,35c33,35 < passwd: files ldap < shadow: files ldap < group: files ldap --- > passwd: files sss > shadow: files sss > group: files sss I'm getting the feeling that I'm missing something obvious here. I wouldn't expect to see pam_sss being used when I specified --disablesssdauth and I wouldn't expect to see sss in nsswitch.conf when I specifed --disablesssd. A secondary issue is why the sssd enabled configuration doesn't work, but I need to be confident that authconfig is doing what I ask it before I worry about that (in particular I want to try enabling sssd for nss, but not pam).