Bug 610818 - authconfig options for disabling sssd do not to work
Summary: authconfig options for disabling sssd do not to work
Status: CLOSED DUPLICATE of bug 605857
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig   
(Show other bugs)
Version: 13
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2010-07-02 14:02 UTC by Chris Paulson-Ellis
Modified: 2010-07-07 08:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-07-07 08:13:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Paulson-Ellis 2010-07-02 14:02:53 UTC
I've been trying to get fc13 authconfig to reproduce my existing working config which it configured when the system was running fc11. I'm doing this as a prelude to adding sssd to try and fix ldap boot delay problems. However, if I use the same authconfig options as I used back when the system ran f11, but with the new sssd disable options, I end up with a system with sssd enabled (and not working)...

# rpm -q authconfig
# authconfig --savebackup=pre_sssd
# authconfig --update \
    --enablekrb5 --enablekrb5realmdns --enablekrb5kdcdns \
    --enableldap --ldapbasedn=dc=edesix,dc=com \
    --disablesssd --disablesssdauth
# authconfig --savebackup=no_sssd
# # Authentication is now broken.
# authconfig --restorebackup=pre_sssd
# diff /var/lib/authconfig/backup-{pre,no}_sssd/password-auth-ac
< auth        sufficient    pam_krb5.so use_first_pass
> auth        sufficient    pam_sss.so use_first_pass
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
> account     [default=bad success=ok user_unknown=ignore] pam_sss.so
< password    sufficient    pam_krb5.so use_authtok
< session     optional      pam_krb5.so
> session     optional      pam_sss.so
# # The diff of system-auth-ac is the same.
# diff /var/lib/authconfig/backup-{pre,no}_sssd/nsswitch.conf
< passwd:     files ldap
< shadow:     files ldap
< group:      files ldap
> passwd:     files sss
> shadow:     files sss
> group:      files sss

I'm getting the feeling that I'm missing something obvious here. I wouldn't expect to see pam_sss being used when I specified --disablesssdauth and I wouldn't expect to see sss in nsswitch.conf when I specifed --disablesssd.

A secondary issue is why the sssd enabled configuration doesn't work, but I need to be confident that authconfig is doing what I ask it before I worry about that (in particular I want to try enabling sssd for nss, but not pam).

Comment 1 Tomas Mraz 2010-07-07 08:13:59 UTC

*** This bug has been marked as a duplicate of bug 605857 ***

Note You need to log in before you can comment on or make changes to this bug.