Bug 610818 - authconfig options for disabling sssd do not to work
authconfig options for disabling sssd do not to work
Status: CLOSED DUPLICATE of bug 605857
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-02 10:02 EDT by Chris Paulson-Ellis
Modified: 2010-07-07 04:13 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-07 04:13:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Chris Paulson-Ellis 2010-07-02 10:02:53 EDT
I've been trying to get fc13 authconfig to reproduce my existing working config which it configured when the system was running fc11. I'm doing this as a prelude to adding sssd to try and fix ldap boot delay problems. However, if I use the same authconfig options as I used back when the system ran f11, but with the new sssd disable options, I end up with a system with sssd enabled (and not working)...

# rpm -q authconfig
authconfig-6.1.4-2.fc13.x86_64
# authconfig --savebackup=pre_sssd
# authconfig --update \
    --enablekrb5 --enablekrb5realmdns --enablekrb5kdcdns \
    --enableldap --ldapbasedn=dc=edesix,dc=com \
    --disablesssd --disablesssdauth
# authconfig --savebackup=no_sssd
# # Authentication is now broken.
# authconfig --restorebackup=pre_sssd
# diff /var/lib/authconfig/backup-{pre,no}_sssd/password-auth-ac
7c7
< auth        sufficient    pam_krb5.so use_first_pass
---
> auth        sufficient    pam_sss.so use_first_pass
13c13
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
---
> account     [default=bad success=ok user_unknown=ignore] pam_sss.so
18d17
< password    sufficient    pam_krb5.so use_authtok
25c24
< session     optional      pam_krb5.so
---
> session     optional      pam_sss.so
# # The diff of system-auth-ac is the same.
# diff /var/lib/authconfig/backup-{pre,no}_sssd/nsswitch.conf
33,35c33,35
< passwd:     files ldap
< shadow:     files ldap
< group:      files ldap
---
> passwd:     files sss
> shadow:     files sss
> group:      files sss

I'm getting the feeling that I'm missing something obvious here. I wouldn't expect to see pam_sss being used when I specified --disablesssdauth and I wouldn't expect to see sss in nsswitch.conf when I specifed --disablesssd.

A secondary issue is why the sssd enabled configuration doesn't work, but I need to be confident that authconfig is doing what I ask it before I worry about that (in particular I want to try enabling sssd for nss, but not pam).
Comment 1 Tomas Mraz 2010-07-07 04:13:59 EDT

*** This bug has been marked as a duplicate of bug 605857 ***

Note You need to log in before you can comment on or make changes to this bug.