Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 593016 - Authconfig in kickstart being ignored
Summary: Authconfig in kickstart being ignored
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: anaconda
Version: 5.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Anaconda Maintenance Team
QA Contact: Release Test Team
Depends On:
TreeView+ depends on / blocked
Reported: 2010-05-17 15:48 UTC by Eric S.
Modified: 2010-07-14 19:35 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-07-14 19:35:15 UTC
Target Upstream Version:

Attachments (Terms of Use)
Anaconda log (176.67 KB, text/plain)
2010-05-21 18:57 UTC, Eric S.
no flags Details
Anaconda's syslog (23.84 KB, text/plain)
2010-05-21 18:58 UTC, Eric S.
no flags Details
anaconda-ks.cfg generated during install (1.12 KB, text/plain)
2010-05-21 18:59 UTC, Eric S.
no flags Details
Original kickstart used to install server (2.40 KB, application/octet-stream)
2010-05-21 19:02 UTC, Eric S.
no flags Details

Description Eric S. 2010-05-17 15:48:07 UTC
Description of problem:
Options to auth (or authconfig) are ignored, specifically "--enablemd5" and "--enableshadow".  Manually running authconfig after the install is successful.  Anaconda-ks.cfg shows the following after kickstart install:
authconfig auth --enablemd5 --enableshadow

It seems to add an additional "authconfig" to the beginning of the line.  Using "authconfig" in the kickstart results in "authconfig authconfig ...".

After an interactive install, the line in anaconda-ks.cfg is correct:
authconfig --enablemd5 --enableshadow

Version-Release number of selected component (if applicable):
This applies to RHEL 5.5 media (and possibly 5.4).  It worked properly for RHEL 5.3 media.

How reproducible:

Steps to Reproduce:
1. Use "auth --enablemd5 --enableshadow" in a kickstart install using RHEL 5.5
2. Check /etc/passwd
Actual results:
Neither MD5 nor shadow files are enabled.

Expected results:
MD5 crypted passwords in a shadow file.

Comment 1 Chris Lumens 2010-05-20 15:28:12 UTC
Can you attach /tmp/anaconda.log and /tmp/syslog to this bug report?

Comment 2 Eric S. 2010-05-21 18:57:40 UTC
Created attachment 415748 [details]
Anaconda log

Comment 3 Eric S. 2010-05-21 18:58:22 UTC
Created attachment 415749 [details]
Anaconda's syslog

Comment 4 Eric S. 2010-05-21 18:59:41 UTC
Created attachment 415750 [details]
anaconda-ks.cfg generated during install

Comment 5 Eric S. 2010-05-21 19:02:40 UTC
Created attachment 415751 [details]
Original kickstart used to install server

Comment 6 Eric S. 2010-05-21 19:06:13 UTC
I added 4 files.  The anaconda.log and syslog as requested.  I did not see anything that would be problematic in there, so I think the issue may be in parsing the kickstart initially.

The other two files are the kickstart used for the install, and the kickstart generated by anaconda during the install.

Please let me know if you need anything else.

Comment 7 Chris Lumens 2010-07-14 15:37:17 UTC
Does it work correctly if you remove the leading spaces from the lines with commands on them (lines 9 through 30)?

Comment 8 Eric S. 2010-07-14 19:16:45 UTC
I removed the leading spaces from the kickstart and the resulting install was properly configured for shadowing passwords.

I never thought to try that since the other commands (and all of them previously) were working fine.

Comment 9 Chris Lumens 2010-07-14 19:35:15 UTC
The authconfig command in kickstart is special.  It's just a pass through to the authconfig program.  Whatever arguments you specify get passed along as one big line.  That way, there's no need to worry with quoting or other unusual shell possibilities.

As a result of how this is implemented internally, the leading spaces don't get removed and we attempt to run "authconfig auth --enablemd5 --enableshadow".  Obviously, that doesn't work so the authconfig program bails out and your machine is not set up correctly.

If you're interested in the code, check out how the authconfig command is handled:


self.ksdata.authconfig will get passed entirely to the authconfig command.  And then self._line is set here:


As you can see, it's the raw and unprocessed line complete with leading spaces.  The block in doAuthconfig is meant to skip over the leading "auth" because it doesn't expect there to be any leading space.

This only affects the authconfig command, and only in RHEL5.  It's fixed in RHEL6.  If you require a fix in RHEL5 for some reason, please talk to a support representative so we can work on scheduling a fix for the pykickstart package.  Otherwise, just un-indent the commands in your kickstart file or wait for RHEL6.

Note You need to log in before you can comment on or make changes to this bug.