On 01/05/2018 02:50 PM, Jan Kurik wrote:
= System Wide Change: Make authselect default tool instead of authconfig =
https://fedoraproject.org/wiki/Changes/AuthselectAsDefault
Change owner(s):
* Pavel Březina <pbrezina AT redhat DOT com>
Replace authconfig with authselect and make authselect a default tool
to configure PAM and nsswitch.conf. A compatibility tool will help
with transition period from authconfig to authselect.
Authselect is a tool to select system authentication and identity
sources from a list of supported profiles and it is available to users
since Fedora 27. Authselect is designed to be a replacement for
authconfig but it takes a different approach to configure the system.
Instead of letting the administrator build the pam stack with a tool
(which may potentially end up with a broken configuration), it ships
several tested stacks (profiles) that solve primary supported use
cases and are well tested and supported. At the same time, some
obsolete features of authconfig are not supported by authselect.
Additionally, authselect is written in C and has a small footprint
which allows it to be also part of minimal installations.
I pushed authselect-0.3 to rawhide. Realmd is converted to authselect
and was pushed as well. Anaconda, fprintd will be available soon and ipa
changes are still under development, but they all should work now
through compatibility tool.
There is a new package: authselect-compat, which provides "authconfig".
It is a python script that provides minimum level of compatibility with
authconfig. Its purpose it not to reimplement all authconfig features,
but it translates it to authselect calls and writes few configuration
files in order to allow authentication. But not all authconfig options
are supported. It prints a loud deprecation warning. Please, test it.
There is a authselect-migration(7) manual page that will help users with
the migration process.
As requested on this list, custom profile directory has been moved to
/etc/authselect/custom. Authselect cli has unified and documented return
codes so it can be used in users scripts.
I also implemented new template engine, which is not backwards
compatible but this is acceptable for this release since it is still in
a testing phase. Now the templates are clear and reads very good, see:
https://raw.githubusercontent.com/pbrezina/authselect/master/profiles/sssd/smartcard-auth
There is now authselect-devel package that allows you to use our API in
C. We also plan to provide python bindings and ansible module in future
versions (F29 scope).
We already have one external contributor, I'm happy to see there is
interest in this project from community.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
