96996 – RFE: authconfig forces nullok on system-auth's pam_unix configuration

Bug 96996 - RFE: authconfig forces nullok on system-auth's pam_unix configuration

Summary: RFE: authconfig forces nullok on system-auth's pam_unix configuration

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	authconfig
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-06-08 06:54 UTC by Arenas Belon, Carlo Marcelo
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:	authconfig-5.0.3-1
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-11-08 00:19:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
patch to be aware of nullok settings on authconfig (3.09 KB, patch) 2003-06-08 07:28 UTC, Arenas Belon, Carlo Marcelo	no flags	Details \| Diff
View All

Description Arenas Belon, Carlo Marcelo 2003-06-08 06:54:03 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
authconfig does not check for the parameter nullok while on the authentication
or password pam configuration for system-auth.

therefore there is no way to setup the system to disable null password without
at the same time avoiding the use of authconfig.

even if no option is presented to the user to allow/disallow the use for  that
option, whatever configuration the user has manually done on system-auth to
enable or disable this option should be detected and used, as the user could be
silently open his system without noticing (other than the obvious warning on
syste-auth file) that the option to not allow users without password was reset
the last time authconfig was executed.

Version-Release number of selected component (if applicable):
4.3.4-1

How reproducible:
Always

Steps to Reproduce:
1. edit system-auth and remove the nullok parameter for pam_unix
2. execute system-auth
3. verify if nullok was added again to system-auth
    

Actual Results:  the system-auth file was rebuilt (nothing new there as that is
was is expected) with the option nullok added back to pam_unix

Expected Results:  the system-auth file to be rebuilt with no nullok parameter
on pam_unix as it was before it was excecuted

Additional info:

there is code to test for md5, shadow and bigcrypt already, not so for nullok

Comment 1 Arenas Belon, Carlo Marcelo 2003-06-08 07:28:38 UTC

Created attachment 92246 [details]
patch to be aware of nullok settings on authconfig

senses the settings for nullok on pam config file and writes them on the
resulting file, parameters needed are configured as EXPERIMENTAL for
/etc/sysconfig/authconfig and no GUI was done for the same reason other
parameters are on the EXPERIMENTAL tab, to find a consistent way to show them
to the final user thru the GUI

Comment 2 Arenas Belon, Carlo Marcelo 2003-06-08 07:31:57 UTC

Comment on attachment 92246 [details]
patch to be aware of nullok settings on authconfig

oops, not really a patch as mising files from auto{make,conf} and build error
file show as missing files, just disregard them

Comment 3 Tomas Mraz 2005-09-08 13:48:10 UTC

I will consider this for FC5.

Comment 4 Tomas Mraz 2005-11-08 00:19:34 UTC

Authconfig now checks if nullok was/wasn't specified on auth line and preserves
the setting (always sets the same for auth and password).

Note You need to log in before you can comment on or make changes to this bug.