Issued:: 2011-05-19
Updated:: 2011-05-19

RHBA-2011:0595 - authconfig bug fix and enhancement update

Synopsis

authconfig bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated authconfig packages that fix several bugs and add an enhancement are now available.

Description

The authconfig package contains a command line utility and a GUI application that can configure a workstation to be a client for certain network user information and authentication schemes and other user information and authentication related options.

These updated authconfig packages provide fixes for the following bugs:

Prior to this update, authconfig unnecessarily restarted the user information and authentication services even though there were no configuration changes that would require the restart. With this update, services are no longer restarted unless explicitly required. (BZ#595261)
The authentication configuration utility did not keep the "Require smart card for login" check box set when Kerberos was also enabled. When the check box was checked and the configuration was saved with the "Apply" button, the system would correctly require smart card for login. However, on the subsequent run of the authentication configuration utility the check box would be unchecked again and it was necessary to check it again to keep the option switched on. With this update, the "Require smart card for login" stays checked even after subsequent runs of the authentication configuration utility. (BZ#620475)
The authentication configuration tool GUI incorrectly duplicated its window when the "Revert" button was pressed. This update fixes the duplicity problem. (BZ#621632)
In some cases, when multiple configuration files with the same configuration settings contained different configuration values for a setting, the configuration files contents were not properly synchronized with authconfig. With this update, the synchronization works as expected. (BZ#624159)
The authentication configuration tool GUI allowed to choose user identity and authentication schemes which require packages that are not installed on the system by default. With this update, certain identity and authentication schemes cannot be configured when they are not installed on the system. (BZ#639747)
The authconfig textual user interface incorrectly required the nss-pam-ldap package to be installed when the configuration used SSSD for LDAP user identification. With this update, the nss-pam-ldap package is not required in such a case. (BZ#663882)
Prior to this update, the authentication configuration tool overwrote the cache_credentials value to "True" in the SSSD configuration file (/etc/sssd/sssd.conf) if the configuration allowed using SSSD for the network user information and authentication services. With this update, the "cache_credentials" parameter is no longer overwritten in the aforementioned case. (BZ#674844)
The "system-config-authentication" command crashed when executed in an environment without the X server running. With this update, a proper error message is printed in the aforementioned case. (BZ#676333)

In addition, these updated authconfig packages provide the following enhancement:

The authconfig package has been upgraded to upstream version 6.1.12, which provides a number of bug fixes and enhancements over the previous version. This version also adds new options: "--enableforcelegacy" and "--disableforcelegacy". These options allow the user to use legacy LDAP and Kerberos user identity and authentication modules instead of the SSSD modules. (BZ#655910)

Users are advised to upgrade to these updated authconfig packages, which resolve these issues and add this enhancement.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux for Power, big endian	6	ppc64
Red Hat Enterprise Linux for IBM z Systems	6	s390x
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server from RHUI	6	x86_64
Red Hat Enterprise Linux Server from RHUI	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

authconfig-debuginfo-6.1.12-5.el6.i686.rpm
authconfig-debuginfo-6.1.12-5.el6.s390x.rpm
authconfig-6.1.12-5.el6.src.rpm
authconfig-gtk-6.1.12-5.el6.x86_64.rpm
authconfig-gtk-6.1.12-5.el6.s390x.rpm
authconfig-6.1.12-5.el6.s390x.rpm
authconfig-debuginfo-6.1.12-5.el6.x86_64.rpm
authconfig-debuginfo-6.1.12-5.el6.ppc64.rpm
authconfig-6.1.12-5.el6.i686.rpm
authconfig-6.1.12-5.el6.ppc64.rpm
authconfig-gtk-6.1.12-5.el6.i686.rpm
authconfig-6.1.12-5.el6.x86_64.rpm
authconfig-gtk-6.1.12-5.el6.ppc64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.