From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 Description of problem: authconfig does not check for the parameter nullok while on the authentication or password pam configuration for system-auth. therefore there is no way to setup the system to disable null password without at the same time avoiding the use of authconfig. even if no option is presented to the user to allow/disallow the use for that option, whatever configuration the user has manually done on system-auth to enable or disable this option should be detected and used, as the user could be silently open his system without noticing (other than the obvious warning on syste-auth file) that the option to not allow users without password was reset the last time authconfig was executed. Version-Release number of selected component (if applicable): 4.3.4-1 How reproducible: Always Steps to Reproduce: 1. edit system-auth and remove the nullok parameter for pam_unix 2. execute system-auth 3. verify if nullok was added again to system-auth Actual Results: the system-auth file was rebuilt (nothing new there as that is was is expected) with the option nullok added back to pam_unix Expected Results: the system-auth file to be rebuilt with no nullok parameter on pam_unix as it was before it was excecuted Additional info: there is code to test for md5, shadow and bigcrypt already, not so for nullok
Created attachment 92246 [details] patch to be aware of nullok settings on authconfig senses the settings for nullok on pam config file and writes them on the resulting file, parameters needed are configured as EXPERIMENTAL for /etc/sysconfig/authconfig and no GUI was done for the same reason other parameters are on the EXPERIMENTAL tab, to find a consistent way to show them to the final user thru the GUI
Comment on attachment 92246 [details] patch to be aware of nullok settings on authconfig oops, not really a patch as mising files from auto{make,conf} and build error file show as missing files, just disregard them
I will consider this for FC5.
Authconfig now checks if nullok was/wasn't specified on auth line and preserves the setting (always sets the same for auth and password).