Re: F28 System Wide Change: Make authselect default tool instead of authconfig

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/05/2018 03:14 PM, John Florian wrote:
On Fri, 2018-01-05 at 14:50 +0100, Jan Kurik wrote:
The tool is packaged with a default
profile set that is fully supported. If an administrator has
different
needs they can create a custom profile and make it accessible in
authselect by dropping it in the tool specific directory.

How?  The authselect(8) man page tells me that `authselect show
profile_id` will print info about the profile, but I see nothing of any
detail.  (Perhaps more could be gleaned with `--trace`, but without any
apparent dry-run option I'd want a VM to experiment.)

There is also authselect-profiles(5) that explains how profiles works. But it is not yet present in current Fedora packages. I will do new release on Monday.

Looking at the package contents doesn't help much either:

$ rpm -ql authselect
/usr/bin/authselect
/usr/lib/.build-id
/usr/lib/.build-id/b6
/usr/lib/.build-id/b6/6bcffc0719e16ebb39e888f8da173aa2bd464e
/usr/share/man/man8/authselect.8.gz

So the built-in profiles are hard-coded into the binary?  I might have
expected a data dir providing these to serve as examples for making new
ones.

Yes, there is a data dir: /usr/share/authselect/
Description of these directories may be seen in the man page, currently at this upstream link:
https://github.com/pbrezina/authselect/blob/master/src/man/authselect-profiles.5.txt.in.in

I also didn't see (nor did I even try searching for) any mention of the
upstream project.

Otherwise, this is a very nice write up.  I'm mostly curious as our
setup uses an openldap directory server for identity and WinAD for
authentication.  realmd doesn't seem to cover (from a very cursory
glance) that arrangement.  So I have an eye out for how to best
leverage these things, if at all.

We had many discussions on this topic while designing and developing authselect. The resolution was to include only sssd and winbind profiles and avoid other use cases and avoid plain ldap and kerberos since they can be implemented with sssd. So the use case that you have mentioned above (different id and auth providers) can be achieved.

We do not want to touch configurations with authselect. But to avoid breaking user scripts, we will configure daemons with the compatibility tool to mimic authconfig behavior wherever possible.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux