Re: F27 Self Contained Change: Authselect: new tool to replace authconfig

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 18, 2017 at 12:38 PM Jason L Tibbitts III <tibbs@xxxxxxxxxxx> wrote:
>>>>> "JR" == Jaroslav Reznik <jreznik@xxxxxxxxxx> writes:

JR> At the same time, some obsolete features of authconfig
JR> would not be supported by authselect.

I have a couple of concerns about this.

First, this seems to impact anaconda/kickstart since the "authconfig"
line basically _is_ an authconfig command line.

Secondly, what would replace a call like:

authconfig --enableldap --ldapbase=dc=whatever
  --ldapserver=ldaps://ldap1.whatever,ldaps://ldap2.whatever,ldaps://ldap3.whatever
  --enablekrb5 --krb5realm=WHATEVER
  --krb5kdc=kerberos1.whatever,kerberos2.whatever
  --krb5adminserver=kerberos1.whatever --useshadow

Is setting those ldap and kerberos servers in the proper files now
obsolete functionality?  If that all needs to be configured manually
(since there's no IPA or AD server involved here) then will anaconda
grow support for that or will existing authconfig lines just not work?

Disclaimer: Fortunately for me I've recently switched to doing that kind
of setup via ansible instead of using the authconfig line in kickstart.
So technically I don't care any more, but I can imagine that there are
still a number of people who do.

JR> == Scope ==
JR> * Proposal owners: implement the change
JR> * Other developers: N/A (not a System Wide Change)

So I do think this is a bit wider in scope than the authconfig command
going away, unless anaconda has stopped implementing the 'authconfig'
directive by running authconfig.



Short version: this isn't going away in F27 and the Change title is misleading. Authconfig isn't going away at least until F28 (once authselect has been tested in the real world). The "auth" line in Anaconda will continue to be handled by authconfig in F27 (which is why this is a self-contained change rather than a system-wide one).

It will not actually *replace* authconfig until it can satisfy the requirements of the kickstarts as well (and not any earlier than F28). 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux