Bug 96996 - RFE: authconfig forces nullok on system-auth's pam_unix configuration
Summary: RFE: authconfig forces nullok on system-auth's pam_unix configuration
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2003-06-08 06:54 UTC by Arenas Belon, Carlo Marcelo
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version: authconfig-5.0.3-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-08 00:19:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to be aware of nullok settings on authconfig (3.09 KB, patch)
2003-06-08 07:28 UTC, Arenas Belon, Carlo Marcelo
no flags Details | Diff

Description Arenas Belon, Carlo Marcelo 2003-06-08 06:54:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
authconfig does not check for the parameter nullok while on the authentication
or password pam configuration for system-auth.

therefore there is no way to setup the system to disable null password without
at the same time avoiding the use of authconfig.

even if no option is presented to the user to allow/disallow the use for  that
option, whatever configuration the user has manually done on system-auth to
enable or disable this option should be detected and used, as the user could be
silently open his system without noticing (other than the obvious warning on
syste-auth file) that the option to not allow users without password was reset
the last time authconfig was executed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. edit system-auth and remove the nullok parameter for pam_unix
2. execute system-auth
3. verify if nullok was added again to system-auth

Actual Results:  the system-auth file was rebuilt (nothing new there as that is
was is expected) with the option nullok added back to pam_unix

Expected Results:  the system-auth file to be rebuilt with no nullok parameter
on pam_unix as it was before it was excecuted

Additional info:

there is code to test for md5, shadow and bigcrypt already, not so for nullok

Comment 1 Arenas Belon, Carlo Marcelo 2003-06-08 07:28:38 UTC
Created attachment 92246 [details]
patch to be aware of nullok settings on authconfig

senses the settings for nullok on pam config file and writes them on the
resulting file, parameters needed are configured as EXPERIMENTAL for
/etc/sysconfig/authconfig and no GUI was done for the same reason other
parameters are on the EXPERIMENTAL tab, to find a consistent way to show them
to the final user thru the GUI

Comment 2 Arenas Belon, Carlo Marcelo 2003-06-08 07:31:57 UTC
Comment on attachment 92246 [details]
patch to be aware of nullok settings on authconfig

oops, not really a patch as mising files from auto{make,conf} and build error
file show as missing files, just disregard them

Comment 3 Tomas Mraz 2005-09-08 13:48:10 UTC
I will consider this for FC5.

Comment 4 Tomas Mraz 2005-11-08 00:19:34 UTC
Authconfig now checks if nullok was/wasn't specified on auth line and preserves
the setting (always sets the same for auth and password).

Note You need to log in before you can comment on or make changes to this bug.