1.7. authconfig

Updated authconfig packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 6.
The authconfig package contains a command line utility and a GUI application that can configure a workstation to be a client for certain network user information and authentication schemes and other user information and authentication related options.
The authconfig package has been upgraded to upstream version 6.1.12, which provides a number of bug fixes and enhancements over the previous version. This version also adds new options: "--enableforcelegacy" and "--disableforcelegacy". These options allow the user to use legacy LDAP and Kerberos user identity and authentication modules instead of the SSSD modules. (BZ#655910)
Bug Fixes
Prior to this update, authconfig unnecessarily restarted the user information and authentication services even though there were no configuration changes that would require the restart. With this update, services are no longer restarted unless explicitly required.
The authentication configuration utility did not keep the "Require smart card for login" check box set when Kerberos was also enabled. When the check box was checked and the configuration was saved with the "Apply" button, the system would correctly require smart card for login. However, on the subsequent run of the authentication configuration utility the check box would be unchecked again and it was necessary to check it again to keep the option switched on. With this update, the "Require smart card for login" stays checked even after subsequent runs of the authentication configuration utility.
The authentication configuration tool GUI incorrectly duplicated its window when the "Revert" button was pressed. This update fixes the duplicity problem.
In some cases, when multiple configuration files with the same configuration settings contained different configuration values for a setting, the configuration files contents were not properly synchronized with authconfig. With this update, the synchronization works as expected.
The authentication configuration tool GUI allowed to choose user identity and authentication schemes which require packages that are not installed on the system by default. With this update, certain identity and authentication schemes cannot be configured when they are not installed on the system.
The authconfig textual user interface incorrectly required the nss-pam-ldap package to be installed when the configuration used SSSD for LDAP user identification. With this update, the nss-pam-ldap package is not required in such a case.
Prior to this update, the authentication configuration tool overwrote the cache_credentials value to "True" in the SSSD configuration file (/etc/sssd/sssd.conf) if the configuration allowed using SSSD for the network user information and authentication services. With this update, the "cache_credentials" parameter is no longer overwritten in the aforementioned case.
The "system-config-authentication" command crashed when executed in an environment without the X server running. With this update, a proper error message is printed in the aforementioned case.
Users are advised to upgrade to these updated authconfig packages, which resolve these issues and add this enhancement.