Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 96996 - RFE: authconfig forces nullok on system-auth's pam_unix configuration
RFE: authconfig forces nullok on system-auth's pam_unix configuration
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2003-06-08 02:54 EDT by Arenas Belon, Carlo Marcelo
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version: authconfig-5.0.3-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-07 19:19:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to be aware of nullok settings on authconfig (3.09 KB, patch)
2003-06-08 03:28 EDT, Arenas Belon, Carlo Marcelo
no flags Details | Diff

  None (edit)
Description Arenas Belon, Carlo Marcelo 2003-06-08 02:54:03 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
authconfig does not check for the parameter nullok while on the authentication
or password pam configuration for system-auth.

therefore there is no way to setup the system to disable null password without
at the same time avoiding the use of authconfig.

even if no option is presented to the user to allow/disallow the use for  that
option, whatever configuration the user has manually done on system-auth to
enable or disable this option should be detected and used, as the user could be
silently open his system without noticing (other than the obvious warning on
syste-auth file) that the option to not allow users without password was reset
the last time authconfig was executed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. edit system-auth and remove the nullok parameter for pam_unix
2. execute system-auth
3. verify if nullok was added again to system-auth

Actual Results:  the system-auth file was rebuilt (nothing new there as that is
was is expected) with the option nullok added back to pam_unix

Expected Results:  the system-auth file to be rebuilt with no nullok parameter
on pam_unix as it was before it was excecuted

Additional info:

there is code to test for md5, shadow and bigcrypt already, not so for nullok
Comment 1 Arenas Belon, Carlo Marcelo 2003-06-08 03:28:38 EDT
Created attachment 92246 [details]
patch to be aware of nullok settings on authconfig

senses the settings for nullok on pam config file and writes them on the
resulting file, parameters needed are configured as EXPERIMENTAL for
/etc/sysconfig/authconfig and no GUI was done for the same reason other
parameters are on the EXPERIMENTAL tab, to find a consistent way to show them
to the final user thru the GUI
Comment 2 Arenas Belon, Carlo Marcelo 2003-06-08 03:31:57 EDT
Comment on attachment 92246 [details]
patch to be aware of nullok settings on authconfig

oops, not really a patch as mising files from auto{make,conf} and build error
file show as missing files, just disregard them
Comment 3 Tomas Mraz 2005-09-08 09:48:10 EDT
I will consider this for FC5.
Comment 4 Tomas Mraz 2005-11-07 19:19:34 EST
Authconfig now checks if nullok was/wasn't specified on auth line and preserves
the setting (always sets the same for auth and password).

Note You need to log in before you can comment on or make changes to this bug.