8.15. authconfig

Bug Fixes

BZ#852997

Previously, the authconfig utility did not back up the /etc/passwd files, /etc/group, /etc/shadow, and /etc/gshadow files. As a consequence, if the "authconfig --restorebackup" command was run, these files were not reverted. With this update, authconfig backs up the aforementioned files, and when the "--restorebackup" option is used, it properly reverts the state of these files.

BZ#912851

Prior to this update, the authconfig utility did not properly read the LDAP base from the nslcd.conf file if there were multiple specific the LDAP bases specified. Consequently, the value of the LDAP base read from nslcd.conf was incorrect. With this update, authconfig ignores the specific LDAP bases, and reads and overwrites only the general LDAP base value.

BZ#975203

In some cases the authconfig utility was not able to properly detect whether SSSD or Winbind should be enabled. As a consequence, these daemons were stopped when authconfig was run although they should have not been effected. With this update, authconfig no longer changes the state nor restarts the services if the services configuration is not changed. As a result, the SSSD or Winbind runs after the execution of the "authconfig --update" command and does not effect any settings related to SSSD or Winbind.

BZ#1023294

When the "authconfig --disableipav2 --update" command was used, the "ipa-client-install --uninstall" command was not run. As a consequence, the IPA client was not properly deinitialized on the machine and the machine was not removed from the previously joined domain. The updated authconfig utility now correctly calls "ipa-client-install --uninstall" in the described scenario, and the IPA client of the machine is properly deinitialized, and the machine removed from the domain.

BZ#1025065

Prior to this update, the default umask when creating home directories with the pam_mkhomedir utility was 0022, which made these directories world-readable. To fix this bug, the "umask=0077" option with pam_mkhomedir is used by default, and the home directories newly created by pam_mkhomedir are no longer world-readable.

BZ#1119797

Previously, the ipa-client-install command used for the IPAv2 domain join was interactively asking for input. When called from the authconfig-gtk GUI, the user could not interact with it, and thus the domain join operation failed. With this update, the authconfig GUI uses the "ipa-client-install --unattended" command and no longer tries to interact with the user. As a result, the IPAv2 domain join operation is now successful.

Enhancement

BZ#916574

The authconfig utility is now able to set up the automount entry in the nsswitch.conf file to pull information from the LDAP server via the SSSD client.