rpms/authselect
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import authselect-1.2.5-1.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-09-27 15:59:36 -04:00 committed by root
parent 7e52fa4b6e
commit 306a4a4836
9 changed files with 86 additions and 8444 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.authselect.metadata
View File

@ -1 +1 @@
7409561c3379931675241b7858ab27fee13bd2ed SOURCES/authselect-1.2.2.tar.gz 4eb7fbb53b31d92f0fae17d6fd5e5da46bc8b434 SOURCES/authselect-1.2.5.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/authselect-1.2.2.tar.gz SOURCES/authselect-1.2.5.tar.gz

246
SOURCES/0001-profiles-try_first_pass-has-no-effect-on-pam_unix-an.patch
View File

@ -1,246 +0,0 @@
From a8def58508ab4cc137700555a74e71de88ccb6bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 13 May 2021 10:42:13 +0200
Subject: [PATCH] profiles: try_first_pass has no effect on pam_unix and
pam_pwquality
Resolves:
https://github.com/authselect/authselect/issues/247
---
profiles/minimal/password-auth | 6 +++---
profiles/minimal/system-auth | 6 +++---
profiles/nis/password-auth | 6 +++---
profiles/nis/system-auth | 6 +++---
profiles/sssd/password-auth | 6 +++---
profiles/sssd/system-auth | 6 +++---
profiles/winbind/password-auth | 6 +++---
profiles/winbind/system-auth | 6 +++---
src/man/authselect-profiles.5.adoc | 6 +++---
9 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/profiles/minimal/password-auth b/profiles/minimal/password-auth
index c27f07303aa18d2a8a7425eb6c4fbbf4fc5d5209..823cc7d2dc49b529c922877b1d5a4ae355e9672b 100644
--- a/profiles/minimal/password-auth
+++ b/profiles/minimal/password-auth
@@ -1,7 +1,7 @@
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth required pam_faillock.so preauth silent {include if "with-faillock"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth required pam_deny.so
@@ -9,8 +9,8 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so
-password requisite pam_pwquality.so try_first_pass
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
diff --git a/profiles/minimal/system-auth b/profiles/minimal/system-auth
index c27f07303aa18d2a8a7425eb6c4fbbf4fc5d5209..823cc7d2dc49b529c922877b1d5a4ae355e9672b 100644
--- a/profiles/minimal/system-auth
+++ b/profiles/minimal/system-auth
@@ -1,7 +1,7 @@
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth required pam_faillock.so preauth silent {include if "with-faillock"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth required pam_deny.so
@@ -9,8 +9,8 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so
-password requisite pam_pwquality.so try_first_pass
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
index 7997ea8de61ad6392ed01c39727f70253b5cc0ca..fca075b3e8a289aef2055cc8bb8551540957e70f 100644
--- a/profiles/nis/password-auth
+++ b/profiles/nis/password-auth
@@ -3,7 +3,7 @@ auth required pam_faildelay.so delay=
auth required pam_faillock.so preauth silent {include if "with-faillock"}
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth required pam_deny.so
@@ -11,8 +11,8 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so broken_shadow
-password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
+password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis
password required pam_deny.so
session optional pam_keyinit.so revoke
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
index 057b31e074f29c46b492fa310a954e281631800e..c4a74b857f8759082973936bd7d4e5b8718680c4 100644
--- a/profiles/nis/system-auth
+++ b/profiles/nis/system-auth
@@ -4,7 +4,7 @@ auth required pam_faillock.so preauth
auth sufficient pam_fprintd.so {include if "with-fingerprint"}
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth required pam_deny.so
@@ -12,8 +12,8 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so broken_shadow
-password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
+password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis
password required pam_deny.so
session optional pam_keyinit.so revoke
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
index d6953428cca7d6518f63c3fdbaabc4746c35f91b..b75926205f233d65553caa5d33f1d06c1c77a32e 100644
--- a/profiles/sssd/password-auth
+++ b/profiles/sssd/password-auth
@@ -6,7 +6,7 @@ auth sufficient pam_u2f.so cue
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -20,8 +20,8 @@ account sufficient pam_usertype.so issyste
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
-password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so local_users_only
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
index 58d51067feb36850fb11bbba73067495f88c0b9e..e4bdb2b40255c056257ba5569a0b5b21ebaeb261 100644
--- a/profiles/sssd/system-auth
+++ b/profiles/sssd/system-auth
@@ -11,7 +11,7 @@ auth [default=1 ignore=ignore success=ok] pam_usertype.so isregul
auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -25,8 +25,8 @@ account sufficient pam_usertype.so issyste
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
-password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so local_users_only
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
index bbeca057d49102889e3eeee040ea256dbd751eef..75e1e529944afa68fd06e4dd189d722fd80d9336 100644
--- a/profiles/winbind/password-auth
+++ b/profiles/winbind/password-auth
@@ -3,7 +3,7 @@ auth required pam_faildelay.so delay=
auth required pam_faillock.so preauth silent {include if "with-faillock"}
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -17,8 +17,8 @@ account sufficient pam_usertype.so issyste
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
account required pam_permit.so
-password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so local_users_only
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
password required pam_deny.so
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..ae5262f2bb8c9ee8848c66eb00b15ff3d1fb8230 100644
--- a/profiles/winbind/system-auth
+++ b/profiles/winbind/system-auth
@@ -4,7 +4,7 @@ auth required pam_faillock.so preauth
auth sufficient pam_fprintd.so {include if "with-fingerprint"}
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -18,8 +18,8 @@ account sufficient pam_usertype.so issyste
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
account required pam_permit.so
-password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
+password requisite pam_pwquality.so local_users_only
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
password required pam_deny.so
diff --git a/src/man/authselect-profiles.5.adoc b/src/man/authselect-profiles.5.adoc
index 0890b8b0acef811a639f6cd763b2d24f0c489881..4baa2800c766f59cf250cc5570c259f636a2305b 100644
--- a/src/man/authselect-profiles.5.adoc
+++ b/src/man/authselect-profiles.5.adoc
@@ -154,7 +154,7 @@ for pam_faillock.
auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
auth [default=1 ignore=ignore success=ok] pam_localuser.so
- auth sufficient pam_unix.so nullok try_first_pass
+ auth sufficient pam_unix.so nullok
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
@@ -172,7 +172,7 @@ to include both features but only "with-smartcard-required" is necessary.
auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
auth [default=1 ignore=ignore success=ok] pam_localuser.so
- auth sufficient pam_unix.so nullok try_first_pass
+ auth sufficient pam_unix.so nullok
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
@@ -193,7 +193,7 @@ previous example.
auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
- auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
+ auth sufficient pam_unix.so {if not "without-nullok":nullok}
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
--
2.20.1

40
SOURCES/0002-cli-use-gettext-on-common-options.patch
View File

@ -1,40 +0,0 @@
From 3a3d9380eafcf4c53d3733b39dbb45b67dc3a566 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 29 Jun 2021 14:04:24 +0200
Subject: [PATCH] cli: use gettext on common options
Also make --debug description the same as in cli_tool_print_common_opts.
These options are printed when a wrong argument is given on the command line. E.g.
authselect select --invalid-arg
---
src/cli/cli_tool.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/cli/cli_tool.c b/src/cli/cli_tool.c
index 3cc6b735eb45bc45afd21907a690b732f6844f3b..64807af3cb0c3aeb70ff652962dca62a3b99c431 100644
--- a/src/cli/cli_tool.c
+++ b/src/cli/cli_tool.c
@@ -87,12 +87,16 @@ static void cli_tool_print_common_opts(int min_len)
static struct poptOption *cli_tool_common_opts_table(void)
{
static struct poptOption options[] = {
- {"debug", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'd', "Print more verbose debugging information", NULL },
- {"trace", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 't', "Print trace messages", NULL },
- {"warn", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'w', "Print warning messages", NULL },
+ {"debug", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'd', NULL, NULL },
+ {"trace", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 't', NULL, NULL },
+ {"warn", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'w', NULL, NULL },
POPT_TABLEEND
};
+ options[0].descrip = _("Print error messages");
+ options[1].descrip = _("Print trace messages");
+ options[2].descrip = _("Print warning messages");
+
return options;
}
--
2.20.1

8081
SOURCES/0003-po-update-translations.patch
View File

File diff suppressed because it is too large Load Diff

11
SOURCES/0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
View File

@ -1,17 +1,18 @@
From 009be0fc33866a590de8720cb0f3dab811e10059 Mon Sep 17 00:00:00 2001 From 2f1fea5ec3132f2ced05887ba24d03e134934930 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 30 Oct 2018 14:08:12 +0100 Date: Tue, 30 Oct 2018 14:08:12 +0100
Subject: [PATCH] rhel8: remove mention of Fedora Change page in compat tool Subject: [PATCH 1/3] rhel8: remove mention of Fedora Change page in compat
tool
--- ---
src/compat/authcompat.py.in.in | 1 - src/compat/authcompat.py.in.in | 1 -
1 file changed, 1 deletion(-) 1 file changed, 1 deletion(-)
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
index 0be644222a44185cb08ff696afad5adf05995093..42cc6f3c0e38d8e14d62bd5acdc171176a6cb51f 100755 index 1a68d95c71b51beabe80e9b07c084ea9c2f3580d..8334293911d1d4c2d98a6d233b91fc348cf06575 100755
--- a/src/compat/authcompat.py.in.in --- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in +++ b/src/compat/authcompat.py.in.in
@@ -469,7 +469,6 @@ class AuthCompat: @@ -471,7 +471,6 @@ class AuthCompat:
"It does not provide all capabilities of authconfig.\n")) "It does not provide all capabilities of authconfig.\n"))
print(_("IMPORTANT: authconfig is replaced by authselect, " print(_("IMPORTANT: authconfig is replaced by authselect, "
"please update your scripts.")) "please update your scripts."))
@ -20,5 +21,5 @@ index 0be644222a44185cb08ff696afad5adf05995093..42cc6f3c0e38d8e14d62bd5acdc17117
options = self.options.getSetButUnsupported() options = self.options.getSetButUnsupported()
-- --
2.17.2 2.34.1

112
SOURCES/0902-rhel8-remove-ecryptfs-support.patch
View File

@ -1,7 +1,7 @@
From 8f39d5ebcf18b9d987af5ad851fe1637ce1fce22 Mon Sep 17 00:00:00 2001 From bfa639947df40c7d601a459af5f0995c89a67200 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 10 Jun 2019 10:53:15 +0200 Date: Mon, 10 Jun 2019 10:53:15 +0200
Subject: [PATCH] rhel8: remove ecryptfs support Subject: [PATCH 2/3] rhel8: remove ecryptfs support
--- ---
profiles/nis/README | 3 --- profiles/nis/README | 3 ---
@ -26,7 +26,7 @@ Subject: [PATCH] rhel8: remove ecryptfs support
19 files changed, 3 insertions(+), 36 deletions(-) 19 files changed, 3 insertions(+), 36 deletions(-)
diff --git a/profiles/nis/README b/profiles/nis/README diff --git a/profiles/nis/README b/profiles/nis/README
index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb0778113238ef6633 100644 index 895e8fa8650c04d41bf8bc8d6e3cda18db9bf814..71e23d61a8c1ea773c98524256a5eaad5a75d197 100644
--- a/profiles/nis/README --- a/profiles/nis/README
+++ b/profiles/nis/README +++ b/profiles/nis/README
@@ -21,9 +21,6 @@ with-mkhomedir:: @@ -21,9 +21,6 @@ with-mkhomedir::
@ -40,28 +40,28 @@ index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb07781132
Enable authentication with fingerprint reader through *pam_fprintd*. Enable authentication with fingerprint reader through *pam_fprintd*.
diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
index 278487b2a0f9ce103afebb0809ffffa2cfbbba7e..8d6bc3fe8ada7305280503bfa350cd78723c988a 100644 index 3a2609df4ca29cdfcbff84b37576bb7b840d72b2..0b2f583a2fcf164647f7de387e9be2982bdf36cb 100644
--- a/profiles/nis/fingerprint-auth --- a/profiles/nis/fingerprint-auth
+++ b/profiles/nis/fingerprint-auth +++ b/profiles/nis/fingerprint-auth
@@ -16,7 +16,6 @@ password required pam_deny.so @@ -15,7 +15,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
index 2ce77fded674684987849b027debe2b17a7bac94..46786cc8c2c90a2be98d71684b9286c37ff5b678 100644 index f181a58ab7792c7e1a4234e677cbb7e3d0a6548d..79fb521eb5dff4978203166491b185887d1ec744 100644
--- a/profiles/nis/password-auth --- a/profiles/nis/password-auth
+++ b/profiles/nis/password-auth +++ b/profiles/nis/password-auth
@@ -21,7 +21,6 @@ password required pam_deny.so @@ -18,7 +18,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
@ -76,19 +76,19 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
index d1f270a9e6f0ded1ff2d9c24fcd78c31e7a6debe..25148b060ecd0b52868386abf14ca5a9fd8fdfc3 100644 index bc3f402435aafb5294dbae94096b184af51cf914..38c10c1afcf936c1d24d8edef941ae849d1186fc 100644
--- a/profiles/nis/system-auth --- a/profiles/nis/system-auth
+++ b/profiles/nis/system-auth +++ b/profiles/nis/system-auth
@@ -22,7 +22,6 @@ password required pam_deny.so @@ -19,7 +19,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/README b/profiles/sssd/README diff --git a/profiles/sssd/README b/profiles/sssd/README
index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c58a44f29 100644 index 61d5aedf65b2351cf23cea0a6b6b0932e32f0e48..ab9af237442089ded86b63942dd856397108ccf0 100644
--- a/profiles/sssd/README --- a/profiles/sssd/README
+++ b/profiles/sssd/README +++ b/profiles/sssd/README
@@ -40,9 +40,6 @@ with-mkhomedir:: @@ -40,9 +40,6 @@ with-mkhomedir::
@ -102,28 +102,28 @@ index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c
Enable authentication with smartcards through SSSD. Please note that Enable authentication with smartcards through SSSD. Please note that
smartcard support must be also explicitly enabled within smartcard support must be also explicitly enabled within
diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
index 01b70f3533149d00700859f3e0a1c3f2abb33a8a..b9bbc63d96e1d982a54b537402fed5e2201ce533 100644 index 20ad3613e66ec85c7d2462d0449854e522383b3a..dc7befe7a4839a1ae5a4d21f4e5232126df55564 100644
--- a/profiles/sssd/fingerprint-auth --- a/profiles/sssd/fingerprint-auth
+++ b/profiles/sssd/fingerprint-auth +++ b/profiles/sssd/fingerprint-auth
@@ -18,7 +18,6 @@ password required pam_deny.so @@ -20,7 +20,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
index c61630d5a71772c61cbdcce00bb5b64a83e87d8e..fe2e3a4bf68fb53e46af56577c9d67c7eabf2fff 100644 index 3e33dcc09f68055f2f87709e638005929bd577b3..858c6db357d07dc554806f4807f9b0858a649f44 100644
--- a/profiles/sssd/password-auth --- a/profiles/sssd/password-auth
+++ b/profiles/sssd/password-auth +++ b/profiles/sssd/password-auth
@@ -27,7 +27,6 @@ password required pam_deny.so @@ -28,7 +28,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
@ -138,31 +138,31 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
index a47f44389d89797b2404ce44a78c2bc8a936225d..a15a033f58b766074ccc6a271f146341ff62f2e4 100644 index 0d8bcab250633b09bce0232a5747f3a7e740d5d7..754847f2d8885ff35cbc57ec2364d82b963caa3b 100644
--- a/profiles/sssd/smartcard-auth --- a/profiles/sssd/smartcard-auth
+++ b/profiles/sssd/smartcard-auth +++ b/profiles/sssd/smartcard-auth
@@ -16,7 +16,6 @@ account required pam_permit.so @@ -18,7 +18,6 @@ account required pam_permit.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
index 0c53fc0c326a6ab9b9720c3c0de4f7377431f689..788c92ba27f9b0febdbe00f265bc75e754aca8df 100644 index a43341120f55bad3fb07dfea1c04453d0a278329..88c49e2dd5b60847d1d19154622a8614a21e5e1f 100644
--- a/profiles/sssd/system-auth --- a/profiles/sssd/system-auth
+++ b/profiles/sssd/system-auth +++ b/profiles/sssd/system-auth
@@ -32,7 +32,6 @@ password required pam_deny.so @@ -35,7 +35,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/README b/profiles/winbind/README diff --git a/profiles/winbind/README b/profiles/winbind/README
index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9ee0a2fd72 100644 index 0048c29256f5d4064edfb84a2f4b761fd09e90f6..6f7a7cab1efc768c4c82791d6a8f00def1771d37 100644
--- a/profiles/winbind/README --- a/profiles/winbind/README
+++ b/profiles/winbind/README +++ b/profiles/winbind/README
@@ -33,9 +33,6 @@ with-mkhomedir:: @@ -33,9 +33,6 @@ with-mkhomedir::
@ -176,28 +176,28 @@ index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9e
Enable authentication with fingerprint reader through *pam_fprintd*. Enable authentication with fingerprint reader through *pam_fprintd*.
diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
index 0beff74eba83f12c4ad5a6147a6194608cd047e3..cdc61a1e9ff2ff8d58b58a076f001933092d0a90 100644 index e8997c6c78ce7305fa7068fb169c05c68167880d..c5485ab848989a252e4ff4b1376a41202d21fd67 100644
--- a/profiles/winbind/fingerprint-auth --- a/profiles/winbind/fingerprint-auth
+++ b/profiles/winbind/fingerprint-auth +++ b/profiles/winbind/fingerprint-auth
@@ -17,7 +17,6 @@ password required pam_deny.so @@ -19,7 +19,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
index 455add4c0c6aa2fecc850dc2b315998c6b4c4fb5..d60fb34c1c9a4f49f68b5c036a72127996bff9be 100644 index 58705f3b15165c8d8bd4938889e3fb4d89c1a528..e84e2fcbb2bad9af6156e6e6db23f089f2b5d210 100644
--- a/profiles/winbind/password-auth --- a/profiles/winbind/password-auth
+++ b/profiles/winbind/password-auth +++ b/profiles/winbind/password-auth
@@ -24,7 +24,6 @@ password required pam_deny.so @@ -25,7 +25,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
@ -212,51 +212,51 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
index 5b383f70df6f03f59c6ab3b1dd5686382745b978..c169d7f3b75893ba61d60e085ef86bb658debf5b 100644 index 994c342441a0ed2738765a9fa7f6cc84f692d1d8..b5c5cfaa964a31b1cd8ac4cb62998c0a0a53a03e 100644
--- a/profiles/winbind/system-auth --- a/profiles/winbind/system-auth
+++ b/profiles/winbind/system-auth +++ b/profiles/winbind/system-auth
@@ -25,7 +25,6 @@ password required pam_deny.so @@ -26,7 +26,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd.so -session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"} session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755 index 8334293911d1d4c2d98a6d233b91fc348cf06575..55e205bae2c0b1f7892f8b286c288dfeaa26a60d 100755
--- a/src/compat/authcompat.py.in.in --- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in +++ b/src/compat/authcompat.py.in.in
@@ -520,7 +520,6 @@ class AuthCompat: @@ -523,7 +523,6 @@ class AuthCompat:
'smartcard' : 'with-smartcard', 'smartcard': 'with-smartcard',
'requiresmartcard' : 'with-smartcard-required', 'requiresmartcard': 'with-smartcard-required',
'fingerprint' : 'with-fingerprint', 'fingerprint': 'with-fingerprint',
- 'ecryptfs' : 'with-ecryptfs', - 'ecryptfs': 'with-ecryptfs',
'mkhomedir' : 'with-mkhomedir', 'mkhomedir': 'with-mkhomedir',
'faillock' : 'with-faillock', 'faillock': 'with-faillock',
'pamaccess' : 'with-pamaccess', 'pamaccess': 'with-pamaccess',
diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644 index d26dedabdfb9519861076b58cddd0dd0eb04b7cb..5c8b21b55014198d6d9dfc98bd807c3c922b06f4 100644
--- a/src/compat/authcompat_Options.py --- a/src/compat/authcompat_Options.py
+++ b/src/compat/authcompat_Options.py +++ b/src/compat/authcompat_Options.py
@@ -93,7 +93,6 @@ class Options: @@ -93,7 +93,6 @@ class Options:
Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")), Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
Option.Feature("requiresmartcard",_("require smart card for authentication by default")), Option.Feature("requiresmartcard", _("require smart card for authentication by default")),
Option.Feature("fingerprint", _("authentication with fingerprint readers by default")), Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")), - Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
Option.Feature("krb5", _("Kerberos authentication by default")), Option.Feature("krb5", _("Kerberos authentication by default")),
Option.Valued ("krb5kdc", _("<server>"), _("default Kerberos KDC")), Option.Valued("krb5kdc", _("<server>"), _("default Kerberos KDC")),
Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")), Option.Valued("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
@@ -141,6 +140,7 @@ class Options: @@ -141,6 +140,7 @@ class Options:
# layers and will produce warning when used. They will not affect # layers and will produce warning when used. They will not affect
# the system. # the system.
Option.UnsupportedFeature("cache"), Option.UnsupportedFeature("cache"),
+ Option.UnsupportedFeature("ecryptfs"), + Option.UnsupportedFeature("ecryptfs"),
Option.UnsupportedFeature("shadow"), Option.UnsupportedFeature("shadow"),
Option.UnsupportedSwitch ("useshadow"), Option.UnsupportedSwitch("useshadow"),
Option.UnsupportedFeature("md5"), Option.UnsupportedFeature("md5"),
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644 index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..888cd4e5a0750d4e1aa5898887f5f7fd42472741 100644
--- a/src/man/authselect-migration.7.adoc --- a/src/man/authselect-migration.7.adoc
+++ b/src/man/authselect-migration.7.adoc +++ b/src/man/authselect-migration.7.adoc
@@ -80,7 +80,6 @@ configuration file for required services. @@ -80,7 +80,6 @@ configuration file for required services.
@ -267,7 +267,7 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
|--enablemkhomedir |with-mkhomedir |--enablemkhomedir |with-mkhomedir
|--enablefaillock |with-faillock |--enablefaillock |with-faillock
|--enablepamaccess |with-pamaccess |--enablepamaccess |with-pamaccess
@@ -95,8 +94,8 @@ authselect select sssd with-faillock @@ -103,8 +102,8 @@ authselect select sssd with-faillock
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
authselect select sssd with-smartcard authselect select sssd with-smartcard
@ -279,5 +279,5 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
realm join -U Administrator --client-software=winbind WINBINDDOMAIN realm join -U Administrator --client-software=winbind WINBINDDOMAIN
-- --
2.20.1 2.34.1

6
SOURCES/0903-rhel8-Revert-profiles-add-support-for-resolved.patch
View File

@ -1,7 +1,7 @@
From f2eaf5548f32cb4db51aa5002ad964a975310d5e Mon Sep 17 00:00:00 2001 From 9009c94f3abf85954ffc04c354c6eaff715b4512 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 25 Nov 2020 14:05:00 +0100 Date: Wed, 25 Nov 2020 14:05:00 +0100
Subject: [PATCH] rhel8: Revert "profiles: add support for resolved" Subject: [PATCH 3/3] rhel8: Revert "profiles: add support for resolved"
systemd-resolved should not be enabled by default on rhel8. systemd-resolved should not be enabled by default on rhel8.
@ -38,5 +38,5 @@ index 50a3ffb7431a91b88b4bfef4c09df19310fac7e7..9bee7d839f84ff39d54cb6ead9dea38e
netgroup: files nis {exclude if "with-custom-netgroup"} netgroup: files nis {exclude if "with-custom-netgroup"}
networks: files nis {exclude if "with-custom-networks"} networks: files nis {exclude if "with-custom-networks"}
-- --
2.25.4 2.34.1

24
SPECS/authselect.spec
View File

@ -2,8 +2,8 @@
%define _empty_manifest_terminate_build 0 %define _empty_manifest_terminate_build 0
Name: authselect Name: authselect
Version: 1.2.2 Version: 1.2.5
Release: 3%{?dist} Release: 1%{?dist}
Summary: Configures authentication and identity sources from supported profiles Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/authselect/authselect URL: https://github.com/authselect/authselect
@ -12,10 +12,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%global makedir %{_builddir}/%{name}-%{version} %global makedir %{_builddir}/%{name}-%{version}
Patch0001: 0001-profiles-try_first_pass-has-no-effect-on-pam_unix-an.patch
Patch0002: 0002-cli-use-gettext-on-common-options.patch
Patch0003: 0003-po-update-translations.patch
# Downstream only # Downstream only
Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
Patch0902: 0902-rhel8-remove-ecryptfs-support.patch Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
@ -34,6 +30,7 @@ BuildRequires: po4a
BuildRequires: %{_bindir}/a2x BuildRequires: %{_bindir}/a2x
BuildRequires: libcmocka-devel >= 1.0.0 BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: python3-devel
Requires: authselect-libs%{?_isa} = %{version}-%{release} Requires: authselect-libs%{?_isa} = %{version}-%{release}
Suggests: sssd Suggests: sssd
Suggests: samba-winbind Suggests: samba-winbind
@ -68,7 +65,6 @@ command line tool and any other potential front-ends.
Summary: Tool to provide minimum backwards compatibility with authconfig Summary: Tool to provide minimum backwards compatibility with authconfig
Obsoletes: authconfig < 7.0.1-6 Obsoletes: authconfig < 7.0.1-6
Provides: authconfig Provides: authconfig
BuildRequires: python3-devel
Requires: authselect%{?_isa} = %{version}-%{release} Requires: authselect%{?_isa} = %{version}-%{release}
Recommends: oddjob-mkhomedir Recommends: oddjob-mkhomedir
Suggests: sssd Suggests: sssd
@ -101,7 +97,7 @@ done
%build %build
autoreconf -if autoreconf -if
%configure --with-pythonbin="%{__python3}" %configure --with-pythonbin="%{__python3}" --with-compat
%make_build %make_build
%check %check
@ -156,11 +152,15 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%dir %{_datadir}/authselect/default/nis/ %dir %{_datadir}/authselect/default/nis/
%dir %{_datadir}/authselect/default/sssd/ %dir %{_datadir}/authselect/default/sssd/
%dir %{_datadir}/authselect/default/winbind/ %dir %{_datadir}/authselect/default/winbind/
%{_datadir}/authselect/default/minimal/dconf-db
%{_datadir}/authselect/default/minimal/dconf-locks
%{_datadir}/authselect/default/minimal/fingerprint-auth
%{_datadir}/authselect/default/minimal/nsswitch.conf %{_datadir}/authselect/default/minimal/nsswitch.conf
%{_datadir}/authselect/default/minimal/password-auth %{_datadir}/authselect/default/minimal/password-auth
%{_datadir}/authselect/default/minimal/postlogin %{_datadir}/authselect/default/minimal/postlogin
%{_datadir}/authselect/default/minimal/README %{_datadir}/authselect/default/minimal/README
%{_datadir}/authselect/default/minimal/REQUIREMENTS %{_datadir}/authselect/default/minimal/REQUIREMENTS
%{_datadir}/authselect/default/minimal/smartcard-auth
%{_datadir}/authselect/default/minimal/system-auth %{_datadir}/authselect/default/minimal/system-auth
%{_datadir}/authselect/default/nis/dconf-db %{_datadir}/authselect/default/nis/dconf-db
%{_datadir}/authselect/default/nis/dconf-locks %{_datadir}/authselect/default/nis/dconf-locks
@ -170,6 +170,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/nis/postlogin %{_datadir}/authselect/default/nis/postlogin
%{_datadir}/authselect/default/nis/README %{_datadir}/authselect/default/nis/README
%{_datadir}/authselect/default/nis/REQUIREMENTS %{_datadir}/authselect/default/nis/REQUIREMENTS
%{_datadir}/authselect/default/nis/smartcard-auth
%{_datadir}/authselect/default/nis/system-auth %{_datadir}/authselect/default/nis/system-auth
%{_datadir}/authselect/default/sssd/dconf-db %{_datadir}/authselect/default/sssd/dconf-db
%{_datadir}/authselect/default/sssd/dconf-locks %{_datadir}/authselect/default/sssd/dconf-locks
@ -189,6 +190,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/winbind/postlogin %{_datadir}/authselect/default/winbind/postlogin
%{_datadir}/authselect/default/winbind/README %{_datadir}/authselect/default/winbind/README
%{_datadir}/authselect/default/winbind/REQUIREMENTS %{_datadir}/authselect/default/winbind/REQUIREMENTS
%{_datadir}/authselect/default/winbind/smartcard-auth
%{_datadir}/authselect/default/winbind/system-auth %{_datadir}/authselect/default/winbind/system-auth
%{_libdir}/libauthselect.so.* %{_libdir}/libauthselect.so.*
%{_mandir}/man5/authselect-profiles.5* %{_mandir}/man5/authselect-profiles.5*
@ -290,6 +292,12 @@ exit 0
exit 0 exit 0
%changelog %changelog
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.5-1
- Rebase to 1.2.5 (RHBZ #2080238)
- sssd profile with-smartcard no longer prevents local users from accessing cron (RHBZ #2070325)
- backup-restore now works correctly (RHBZ #2066535)
- add with-subid to sssd profile (RHBZ #2063750)
* Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3 * Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
- Update translations (RHBZ #1961625) - Update translations (RHBZ #1961625)