On Thu, May 18, 2017 at 6:17 AM, Jakub Hrozek <jhrozek@xxxxxxxxxx> wrote: > On Tue, May 16, 2017 at 08:20:49AM -0400, Stephen Gallagher wrote: >> Yes, authconfig is *not* a good tool for managing centralized authentication >> services and its upstream has been unable to keep up with the changing needs of >> the system. That's why work is under way to replace it with more robust tools. I >> think Jakub can talk more about that. > > Yeah, there is a project in a fairly early stage (so, we don't even have > a Fedora Change page yet, but we need to file one for F-27) to replace > authconfig. > > The basic idea is that instead of trying to generate a nss/pam stack > based on what the admin called authconfig with (and hope for the best) > the tool would include a curated and well tested set of stacks to support > the common configuration types. Cool. I'd love to see, for example "sss" not even listed in the equivalent of /etc/nsswitch.conf for systems that haven't specifically enabled any service that actually uses LDAP. Currently, the stack relies on authconfig turning *off* the sssd daemon. I'd prefer to see it listed there only if there's actually anything configured to use it. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
