8.15. authconfig

Updated authconfig packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The authconfig packages contain a command line utility and a GUI application that can configure a workstation to be a client for certain network user information and authentication schemes and other user information and authentication related options.

Bug Fixes

BZ#852997
Previously, the authconfig utility did not back up the /etc/passwd files, /etc/group, /etc/shadow, and /etc/gshadow files. As a consequence, if the "authconfig --restorebackup" command was run, these files were not reverted. With this update, authconfig backs up the aforementioned files, and when the "--restorebackup" option is used, it properly reverts the state of these files.
BZ#912851
Prior to this update, the authconfig utility did not properly read the LDAP base from the nslcd.conf file if there were multiple specific the LDAP bases specified. Consequently, the value of the LDAP base read from nslcd.conf was incorrect. With this update, authconfig ignores the specific LDAP bases, and reads and overwrites only the general LDAP base value.
BZ#975203
In some cases the authconfig utility was not able to properly detect whether SSSD or Winbind should be enabled. As a consequence, these daemons were stopped when authconfig was run although they should have not been effected. With this update, authconfig no longer changes the state nor restarts the services if the services configuration is not changed. As a result, the SSSD or Winbind runs after the execution of the "authconfig --update" command and does not effect any settings related to SSSD or Winbind.
BZ#1023294
When the "authconfig --disableipav2 --update" command was used, the "ipa-client-install --uninstall" command was not run. As a consequence, the IPA client was not properly deinitialized on the machine and the machine was not removed from the previously joined domain. The updated authconfig utility now correctly calls "ipa-client-install --uninstall" in the described scenario, and the IPA client of the machine is properly deinitialized, and the machine removed from the domain.
BZ#1025065
Prior to this update, the default umask when creating home directories with the pam_mkhomedir utility was 0022, which made these directories world-readable. To fix this bug, the "umask=0077" option with pam_mkhomedir is used by default, and the home directories newly created by pam_mkhomedir are no longer world-readable.
BZ#1119797
Previously, the ipa-client-install command used for the IPAv2 domain join was interactively asking for input. When called from the authconfig-gtk GUI, the user could not interact with it, and thus the domain join operation failed. With this update, the authconfig GUI uses the "ipa-client-install --unattended" command and no longer tries to interact with the user. As a result, the IPAv2 domain join operation is now successful.
In addition, this update adds the following

Enhancement

BZ#916574
The authconfig utility is now able to set up the automount entry in the nsswitch.conf file to pull information from the LDAP server via the SSSD client.
Users of authconfig are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.