Re: system-auth.rpmnew

Toby Bluhm <tkb@xxxxxxxxxxxxxxxxxxxxxx> · Mon, 30 Jun 2008 08:54:29 -0400

Kai Schaetzl wrote:
William L. Maltby wrote on Sun, 29 Jun 2008 09:09:17 -0400:

IMO, it's never OK w/o first examining the effects. The rpmnew is
provided specifically because replacing the previous one may be highly
destructive to the aims of that system's users/admins.

I've not looked, but I suspect the rpmnew needs to be compared to the
target of the symlink.

That's the point and why I'm asking. I think the rpmnew got created 
because the target is a symlink (I think normally rpm overwrites a config 
file if it has not been changed from the previous version, this obviously 
is bound to fail in this case). The question now is, should it have 
actually replaced system-auth-ca, was the symlink incorrect in the first 
place, should there be both system-auth and system-auth-ca be available in 
parallel, or what? I don't know for what exactly both or just one of the 
files gets used, I can just assume it's some authorization. And ca file 
might get used when authorizing with a certificate (remote or with a 
card?).
I don't find myself in a position to assess the difference between the 
files and what it means for security. The main difference between the 
files seems to be something about user-ids above/below 500.

I don't see a system-auth-ca on my 4 Centos5 systems.

My 3 systems still at C5.1 show the same:

ls -als /etc/pam.d/system-auth*

4 lrwxrwxrwx 1 root root  14 May 10  2007 /etc/pam.d/system-auth -> 
system-auth-ac
8 -rw-r--r-- 1 root root 848 May 10  2007 /etc/pam.d/system-auth-ac
4 -rw-r--r-- 1 root root 683 Nov 10  2007 /etc/pam.d/system-auth.rpmnew

rpm -q --whatprovides /etc/pam.d/system-auth
pam-0.99.6.2-3.26.el5

rpm -q --whatprovides /etc/pam.d/system-auth-ac
authconfig-5.3.12-2.el5

My test box at C5.2:

ls -als /etc/pam.d/system-auth*

4 lrwxrwxrwx 1 root root  14 May 20 09:09 /etc/pam.d/system-auth -> 
system-auth-ac
8 -rw-r--r-- 1 root root 844 May 20 09:09 /etc/pam.d/system-auth-ac
4 -rw-r--r-- 1 root root 683 May 24 13:35 /etc/pam.d/system-auth.rpmnew

rpm -q --whatprovides /etc/pam.d/system-auth
pam-0.99.6.2-3.27.el5

rpm -q --whatprovides /etc/pam.d/system-auth-ac
authconfig-5.3.21-3.el5

--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos