- Issued:
- 2014-10-13
- Updated:
- 2014-10-13
RHBA-2014:1558 - Bug Fix Advisory
Synopsis
authconfig bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated authconfig packages that fix several bugs and add one enhancement are
now available for Red Hat Enterprise Linux 6.
Description
The authconfig packages contain a command line utility and a GUI application
that can configure a workstation to be a client for certain network user
information and authentication schemes and other user information and
authentication related options.
This update fixes the following bugs:
- Previously, the authconfig utility did not back up the /etc/passwd files,
/etc/group, /etc/shadow, and /etc/gshadow files. As a consequence, if the
"authconfig --restorebackup" command was run, these files were not reverted.
With this update, authconfig backs up the aforementioned files, and when the
"--restorebackup" option is used, it properly reverts the state of these files.
(BZ#852997)
- Prior to this update, the authconfig utility did not properly read the LDAP
base from the nslcd.conf file if there were multiple specific the LDAP bases
specified. Consequently, the value of the LDAP base read from nslcd.conf was
incorrect. With this update, authconfig ignores the specific LDAP bases, and
reads and overwrites only the general LDAP base value. (BZ#912851)
- In some cases the authconfig utility was not able to properly detect whether
SSSD or Winbind should be enabled. As a consequence, these daemons were stopped
when authconfig was run although they should have not been effected. With this
update, authconfig no longer changes the state nor restarts the services if the
services configuration is not changed. As a result, the SSSD or Winbind runs
after the execution of the "authconfig --update" command and does not effect any
settings related to SSSD or Winbind. (BZ#975203)
- When the "authconfig --disableipav2 --update" command was used, the
"ipa-client-install --uninstall" command was not run. As a consequence, the IPA
client was not properly deinitialized on the machine and the machine was not
removed from the previously joined domain. The updated authconfig utility now
correctly calls "ipa-client-install --uninstall" in the described scenario, and
the IPA client of the machine is properly deinitialized, and the machine removed
from the domain. (BZ#1023294)
- Prior to this update, the default umask when creating home directories with
the pam_mkhomedir utility was 0022, which made these directories world-readable.
To fix this bug, the "umask=0077" option with pam_mkhomedir is used by default,
and the home directories newly created by pam_mkhomedir are no longer
world-readable. (BZ#1025065)
- Previously, the ipa-client-install command used for the IPAv2 domain join was
interactively asking for input. When called from the authconfig-gtk GUI, the
user could not interact with it, and thus the domain join operation failed. With
this update, the authconfig GUI uses the "ipa-client-install --unattended"
command and no longer tries to interact with the user. As a result, the IPAv2
domain join operation is now successful. (BZ#1119797)
In addition, this update adds the following enhancement:
- The authconfig utility is now able to set up the automount entry in the
nsswitch.conf file to pull information from the LDAP server via the SSSD client.
(BZ#916574)
Users of authconfig are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
- BZ - 707590 - Authconfig should warn of incorrect URI syntax for literal IPv6 addresses
- BZ - 800368 - acutil does not respect changes in resolv.conf
- BZ - 852997 - authconfig backup/restore does not work for --enableshadow and --disableshadow
- BZ - 912851 - Authconfig might pick up the wrong LDAP BASE from /etc/nslcd.conf when using multiple base for NSLCD
- BZ - 975203 - Authconfig does not restart SSSD or Winbind when updating config
- BZ - 1016404 - authconfig: traceback SSSDConfig.AlreadyInitializedError
- BZ - 1023007 - Authconfig withholds error messages
- BZ - 1023286 - authconfig doesn't set IPADOMAINJOINED to yes after successful join to ipa domain
- BZ - 1023293 - sssd is stopped after authconfig --enableipav2 --ipav2join
- BZ - 1023294 - authconfig --disableipav2 should call ipa-client-install --uninstall
- BZ - 1025065 - Authconfig does not specify args for pam_mkhomedir which results in umask=0022 and world-readable home directories.
- BZ - 1066811 - export LANG="zh_CN.utf8",then the "authconfig" command comes with errors
- BZ - 1116372 - update man page with important information
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
i386 | |
authconfig-6.1.12-19.el6.i686.rpm | SHA-256: d317e7d98aaa521e7a58b738ae7e0d6a2b75c36ad57ce5b4d0580b468df6e295 |
authconfig-debuginfo-6.1.12-19.el6.i686.rpm | SHA-256: 6ca75043017217516e7bf1be4677b3bb1d93db34563e67905c8cab6aea32e53f |
authconfig-gtk-6.1.12-19.el6.i686.rpm | SHA-256: 624a27a07c55a691f5412fac45a229be2c9c7a5986c2c3b1f6ee48c97a26f834 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
i386 | |
authconfig-6.1.12-19.el6.i686.rpm | SHA-256: d317e7d98aaa521e7a58b738ae7e0d6a2b75c36ad57ce5b4d0580b468df6e295 |
authconfig-debuginfo-6.1.12-19.el6.i686.rpm | SHA-256: 6ca75043017217516e7bf1be4677b3bb1d93db34563e67905c8cab6aea32e53f |
authconfig-gtk-6.1.12-19.el6.i686.rpm | SHA-256: 624a27a07c55a691f5412fac45a229be2c9c7a5986c2c3b1f6ee48c97a26f834 |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
i386 | |
authconfig-6.1.12-19.el6.i686.rpm | SHA-256: d317e7d98aaa521e7a58b738ae7e0d6a2b75c36ad57ce5b4d0580b468df6e295 |
authconfig-debuginfo-6.1.12-19.el6.i686.rpm | SHA-256: 6ca75043017217516e7bf1be4677b3bb1d93db34563e67905c8cab6aea32e53f |
authconfig-gtk-6.1.12-19.el6.i686.rpm | SHA-256: 624a27a07c55a691f5412fac45a229be2c9c7a5986c2c3b1f6ee48c97a26f834 |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
i386 | |
authconfig-6.1.12-19.el6.i686.rpm | SHA-256: d317e7d98aaa521e7a58b738ae7e0d6a2b75c36ad57ce5b4d0580b468df6e295 |
authconfig-debuginfo-6.1.12-19.el6.i686.rpm | SHA-256: 6ca75043017217516e7bf1be4677b3bb1d93db34563e67905c8cab6aea32e53f |
authconfig-gtk-6.1.12-19.el6.i686.rpm | SHA-256: 624a27a07c55a691f5412fac45a229be2c9c7a5986c2c3b1f6ee48c97a26f834 |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
s390x | |
authconfig-6.1.12-19.el6.s390x.rpm | SHA-256: 1a3190651c973fc4e6da02169e1280e6aca8b4439095c3d0b1b40d3da33dfe25 |
authconfig-debuginfo-6.1.12-19.el6.s390x.rpm | SHA-256: 001460e194731cfea199f35d93a1bfb52f88283cace92d2c1b8a82d1c6e2119c |
authconfig-gtk-6.1.12-19.el6.s390x.rpm | SHA-256: cd7b6587dd5e0d725040f88564c01a1c235eec04eb017396405ac242eaf9faf5 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
ppc64 | |
authconfig-6.1.12-19.el6.ppc64.rpm | SHA-256: 3f2f88822a278b797bbc4b776ca5d6847cee0611d97ab852004c343695d15dd2 |
authconfig-debuginfo-6.1.12-19.el6.ppc64.rpm | SHA-256: ef15261a2a9777225406644c0b827936c87c4ddca24c9071e58c727152bad892 |
authconfig-gtk-6.1.12-19.el6.ppc64.rpm | SHA-256: 0214d3f2087fe8339d6929758adbc120bc3bedbb3f3e63da6b682ebd361f809b |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
i386 | |
authconfig-6.1.12-19.el6.i686.rpm | SHA-256: d317e7d98aaa521e7a58b738ae7e0d6a2b75c36ad57ce5b4d0580b468df6e295 |
authconfig-debuginfo-6.1.12-19.el6.i686.rpm | SHA-256: 6ca75043017217516e7bf1be4677b3bb1d93db34563e67905c8cab6aea32e53f |
authconfig-gtk-6.1.12-19.el6.i686.rpm | SHA-256: 624a27a07c55a691f5412fac45a229be2c9c7a5986c2c3b1f6ee48c97a26f834 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
s390x | |
authconfig-6.1.12-19.el6.s390x.rpm | SHA-256: 1a3190651c973fc4e6da02169e1280e6aca8b4439095c3d0b1b40d3da33dfe25 |
authconfig-debuginfo-6.1.12-19.el6.s390x.rpm | SHA-256: 001460e194731cfea199f35d93a1bfb52f88283cace92d2c1b8a82d1c6e2119c |
authconfig-gtk-6.1.12-19.el6.s390x.rpm | SHA-256: cd7b6587dd5e0d725040f88564c01a1c235eec04eb017396405ac242eaf9faf5 |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
authconfig-6.1.12-19.el6.src.rpm | SHA-256: e7a8afdc83de1b592e8b7182c90fc1fb56942c0d07e1a84789f1e514dd64d026 |
x86_64 | |
authconfig-6.1.12-19.el6.x86_64.rpm | SHA-256: 64ddf671c51ee2c30741db343bbbdbf01facef378abf85f90d6a5016a00347a1 |
authconfig-debuginfo-6.1.12-19.el6.x86_64.rpm | SHA-256: b9703a90ec45c30636709f7518c020130d5ab23ddcea99c762a13229667960cf |
authconfig-gtk-6.1.12-19.el6.x86_64.rpm | SHA-256: 099978ebce659de589b4914b47369a6db8fc017bafe0c66d03a2d19785963e76 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.