RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1014815 - authconfig --disablessd doesn't remove sss from services line
Summary: authconfig --disablessd doesn't remove sss from services line
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: authconfig
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1014816
TreeView+ depends on / blocked
 
Reported: 2013-10-02 20:39 UTC by David Spurek
Modified: 2015-03-02 05:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1014816 (view as bug list)
Environment:
Last Closed: 2013-10-03 09:20:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description David Spurek 2013-10-02 20:39:50 UTC 
Description of problem:
authconfig --disablessd doesn't remove sss from services line

[root@ibm-p730-04-lp1 bz804615-AUthconfig-should-add-sss-to-the-services-line]
# cat /etc/nsswitch.conf | grep "^services:.*sss"
services:   files sss
[root@ibm-p730-04-lp1 bz804615-AUthconfig-should-add-sss-to-the-services-line]# authconfig --disablesssd --update
Boolean authlogin_nsswitch_use_ldap is not defined
[root@ibm-p730-04-lp1 bz804615-AUthconfig-should-add-sss-to-the-services-line]# cat /etc/nsswitch.conf | grep "^services:.*sss"
services:   files sss
[root@ibm-p730-04-lp1 bz804615-AUthconfig-should-add-sss-to-the-services-line]

Version-Release number of selected component (if applicable):
authconfig-6.2.7-1.el7

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Tomas Mraz 2013-10-03 08:21:27 UTC 
What's the output of 'authconfig --test' ?
Comment 2 David Spurek 2013-10-03 08:26:18 UTC 
authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap range = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are disabled
 password hashing algorithm is md5
pam_krb5 is disabled
 krb5 realm = "#"
 krb5 realm via dns is disabled
 krb5 kdc = ""
 krb5 kdc via dns is disabled
 krb5 admin server = ""
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = ""
 smartcard removal action = ""
pam_fprintd is disabled
pam_ecryptfs is disabled
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
 IPAv2 server = ""
 IPAv2 realm = ""
 IPAv2 domain = ""
pam_pwquality is enabled (try_first_pass retry=3 authtok_type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
Comment 3 Tomas Mraz 2013-10-03 08:55:26 UTC 
That's weird and in this situation there is still sss in /etc/nsswitch.conf? What is there actually?
Comment 4 David Spurek 2013-10-03 09:12:29 UTC 
I look on it now, problem is in misconfigured /etc/nsswitch.conf. It contains sss only in services line, then authconfig --disablesssd --update doesn't remove it. I guess that authconfig has flag somewhere if sssd is disabled, then authconfig --disablesssd --update probably do "nothing", right?
Comment 5 Tomas Mraz 2013-10-03 09:20:39 UTC 
Yes, sure. This is just unsupported configuration. To override you can use authconfig --updateall which will forcibly overwrite all configuration files.
Note You need to log in before you can comment on or make changes to this bug.