Bug 820483
Summary: | Systemd upgrade breaks manual pam configurations | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ian Dall <ian> |
Component: | systemd | Assignee: | systemd-maint |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | johannbg, metherid, mschmidt, notting, plautrba, smithj4, systemd-maint, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | systemd-185-1.fc18 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-07 08:04:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ian Dall
2012-05-10 06:42:48 UTC
A workaround could be to save your configuration as /etc/pam.d/system-auth-mine and make /etc/pam.d/system-auth a symlink to it. According to "man authconfig", authconfig will not relink it if the symlink points to another file than system-auth-ac. We added the symlink check as a fix for bug 753160. A related bug is being discussed: bug 815413. As Michal said, if you need to customize your system-auth/password-auth... files so authconfig does not touch them, you have to follow the recommendation in the system-auth-ac(5) manual page. This is clearly a NOTABUG. Thanks for the quick response. I had read system-auth-ac.5 but misinterpreted it to mean "authconfig will only tamper with the *-ac files", in which case replacing the symlink with a plain file would have worked. My mistake. It still seems a bit cavalier for the systemd install to go running authconfig without checking it is harmless. There are ways this could go wrong. For example, if system-auth is a symlink to system-auth.local and system-auth-ac (which is not actually being used, remember) either doesn't exist or doesn't have pam_systemd in it. Then authconfig will run. It will leaves system-auth alone, but it will stomp all over the OTHER config files like /etc/sssd.conf or /etc/nsswitch.conf. Sure I can "fix this" by making sure there IS an system-auth-ac file with at least the string "pam_systemd" in it, but this isn't very robust. It means I have to be constantly on top of the install scripts for all of the packages to make sure there is not some other magic string going to be expected by this or some other package in the future. I'd really like a "don't ever use authconfig automatically" type of option as an enhancement to authconfig or else for systemd to not require authconfig as a dependency. The calls to authconfig have been removed from systemd scriptlets in Rawhide. Scriptlets in F16, F17 will have to remain as they are. *** Bug 839696 has been marked as a duplicate of this bug. *** |