Bug 679517

Summary: authconfig does not rewrite pam configuration files to adjust to systemd
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: systemdAssignee: Lennart Poettering <lpoetter>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: karsten, lpoetter, metherid, mschmidt, notting, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-20-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-12 04:42:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Jaegermann 2011-02-22 19:17:51 UTC
Description of problem:

After updates files in /etc/pam.d/ are left in an "old" state which does not take into account systemd.  These creates problems like those described in https://bugzilla.redhat.com/show_bug.cgi?id=655321#c11 and followup comments
(where after a run of "autoconf --update" the problem disaapear).

No idea what should be responsible for such rewrites but Lennart Poettering points finger at autconf. 

Version-Release number of selected component (if applicable):
autoconf-2.68-2.fc15

Additional info:
See also bug 679091 which seem to describe effects of a similar issue; only there this was apparently a new installation.

Comment 1 Karsten Hopp 2011-02-23 08:44:22 UTC
I'm quite certain that this isn't an autoconf bug. You probably meant authconfig ?
Reassigning the component according to https://bugzilla.redhat.com/show_bug.cgi?id=655321#c16

Comment 2 Tomas Mraz 2011-02-23 09:34:24 UTC
The authconfig --update should be probably issued in %post of the systemd package if it does not find the pam_systemd in the config files.

Comment 3 Lennart Poettering 2011-02-23 12:54:59 UTC
hmm, ok, I guess I can execute that.

something along the lines of:

grep pam_systemd /etc/pam/system-auth-ac >/dev/null 2>&1 || authconfig --update

Tomas, does that look good to you?

Comment 4 Tomas Mraz 2011-02-23 13:31:24 UTC
To be sure that pam_systemd is added the script should call authconfig --updateall as a second try as if the configuration is otherwise consistent the authconfig will not touch it with --update. It is highly probable that on a system that requires the run of authconfig to add the pam_systemd the configuration will be inconsistent anyway it will in most cases be sufficient but there might be cases where authconfig --update will not touch it.

Also authconfig should be called directly from /usr/sbin/ as it avoids the consolehelper step.

So here is my suggestion for the script:

if grep -q pam_systemd /etc/pam.d/system-auth-ac ; then
:
else
    /usr/sbin/authconfig --update >/dev/null 2>&1 || :
    grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig --updateall >/dev/null 2>&1 || :
fi

Comment 5 Lennart Poettering 2011-02-23 14:13:31 UTC
(In reply to comment #4)

Why not just use -v on the grep cmdline?

i.e.:

if grep -vq pam_systemd /etc/pam.d/system-auth-ac ; then
        /usr/sbin/authconfig --update >/dev/null 2>&1 || :
        grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig --updateall >/dev/null 2>&1 || :
fi

Comment 6 Tomas Mraz 2011-02-23 14:37:57 UTC
It would not work it does something else than (not grep -q) - it matches all lines that do not contain pam_systemd.

Comment 7 Petr Lautrbach 2011-02-23 14:39:13 UTC
...(In reply to comment #5)
> Why not just use -v on the grep cmdline?
> 
> i.e.:
> 
> if grep -vq pam_systemd /etc/pam.d/system-auth-ac ; then
>         /usr/sbin/authconfig --update >/dev/null 2>&1 || :
>         grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig
> --updateall >/dev/null 2>&1 || :
> fi

# grep -q pam_systemd /etc/pam.d/system-auth-ac; echo $?
0
# grep -vq pam_systemd /etc/pam.d/system-auth-ac; echo $?
0


You probably want
if ! grep -q pam_systemd /etc/pam.d/system-auth-ac ; then

Comment 8 Fedora Update System 2011-03-01 01:37:30 UTC
Package systemd-19-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 updates-testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-19-1.fc15'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/systemd-19-1.fc15
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2011-03-01 06:49:08 UTC
systemd-19-1.fc15 has been pushed to the Fedora 15 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update systemd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/systemd-19-1.fc15

Comment 10 Fedora Update System 2011-03-08 19:36:52 UTC
systemd-20-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/systemd-20-1.fc15

Comment 11 Fedora Update System 2011-03-12 04:42:30 UTC
systemd-20-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.