Description of problem: The pam rpm contains /etc/pam.d/*-auth files which authselect manages. When pam is updated, this results in /etc/pam.d/*-auth.rpmnew files
Version-Release number of selected component (if applicable): pam-1.3.1-8.fc29,
The /etc/pam.d/*-auth files should be removed from the pam rpm and merged with those in the authselect-libs rpm. There should only be one copy of the templates, those in authselect-libs. Whenever the templates are updated, authselect should be rerun.
@tmraz maybe we should package those files as %ghost, so there are sane presets installed with pam and do not generate .rpmnew files when the settings are updated by authselect?
The question is whether it is possible to install a minimal core system without authselect. It used to be possible when there was authconfig instead of authselect.
And if it is still possible even with authselect, I do not think we should change PAM for this. It would be still useful, if you do not manage your PAM configuration with authselect, to know whether the package's configuration changed or not.
So, I do not see this as a real bug.
What might be a kind-of bug is whether the default configuration as created by authselect is different from what is shipped in the PAM package - if that's so, we might want to align - most probably by changing the PAM package configuration.
It is possible to have system completely without authselect. In the future, we would like to take over ownership of nsswitch.conf and these pam files, but there are still things to solve before we can start discussion about it.
Why this was not an issue with authconfig and is now with authselect? I would expect %config(noreplace) so even custom changes are not overwritten.
(In reply to Pavel Březina from comment #4)
> I would expect %config(noreplace) so even custom changes are not overwritten.
For that reason I've suggested to package those files as %ghost in the PAM package.
This will ensure:
a) no such file exists? Install the file from the pam package (sane preset).
b) file already exists? Do not alter / overwrite it, but still own it. Do
not create .rpmnew / .rpmsave files. Leave changes
to authselect and/or system administrator.
It was always like this that the .rpmnew files were created. And I do not regard this as an issue.
I do not think making the files as %ghost is a good idea.