Summary: Command line tool for setting up authentication from network services
Name: authconfig
Version: 6.2.8
Release: 14%{?dist}
License: GPLv2+
ExclusiveOS: Linux
Group: System Environment/Base
URL: https://fedorahosted.org/authconfig
Source: https://fedorahosted.org/releases/a/u/%{name}/%{name}-%{version}.tar.bz2
Patch1: authconfig-6.2.8-paramcheck.patch
Patch2: authconfig-6.2.8-no-gnome-screensaver.patch
Patch3: authconfig-6.2.8-wait-for-card.patch
Patch4: authconfig-6.2.8-translation-updates.patch
Patch5: authconfig-6.2.8-norestart.patch
Patch6: authconfig-6.2.8-notraceback.patch
Patch7: authconfig-6.2.8-restorecon.patch
Patch8: authconfig-6.2.8-sssd-enable.patch
Patch10: authconfig-6.2.8-ipav2join.patch
Patch11: authconfig-6.2.8-ldapbase.patch
Patch12: authconfig-6.2.8-altfiles.patch
Patch13: authconfig-6.2.8-winbind-client.patch
Patch14: authconfig-6.2.8-services.patch
Patch15: authconfig-6.2.8-multiple-ldap-uris.patch
Patch16: authconfig-6.2.8-jointitle.patch
Patch17: authconfig-6.2.8-krb5comment.patch
Patch18: authconfig-6.2.8-localetb.patch
Patch19: authconfig-6.2.8-sssd-prompting.patch
Patch20: authconfig-6.2.8-krb5-include.patch
Patch21: authconfig-6.2.8-joinpassword.patch
Patch22: authconfig-6.2.8-template-group.patch
Patch23: authconfig-6.2.8-handle-no-realm.patch
Patch24: authconfig-6.2.8-shvfile-sort.patch
Patch25: authconfig-6.2.8-nsswitch-no-update.patch
Patch26: authconfig-6.2.8-nss-myhostname.patch
Patch27: authconfig-6.2.8-initgroups.patch
Requires: newt-python, pam >= 0.99.10.0, python, libpwquality > 0.9
Conflicts: pam_krb5 < 1.49, samba-common < 3.0, samba-client < 3.0
Conflicts: nss_ldap < 254, sssd < 0.99.1
Conflicts: freeipa-client < 2.2.0, ipa-client < 2.2.0
BuildRequires: glib2-devel, python >= 2.6, python-devel
BuildRequires: desktop-file-utils, intltool, gettext, perl-XML-Parser
Requires: /usr/bin/openssl
Requires: policycoreutils
%description
Authconfig is a command line utility which can configure a workstation
to use shadow (more secure) passwords. Authconfig can also configure a
system to be a client for certain networked user information and
authentication schemes.
%package gtk
Summary: Graphical tool for setting up authentication from network services
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}, pygtk2-libglade >= 2.14.0
Requires: usermode-gtk, hicolor-icon-theme
%description gtk
Authconfig-gtk is a GUI program which can configure a workstation
to use shadow (more secure) passwords. Authconfig-gtk can also configure
a system to be a client for certain networked user information and
authentication schemes.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p 1 -b .paramcheck
%patch2 -p1 -b .no-gnome-screensaver
%patch3 -p1 -b .card
%patch4 -p1 -b .translations
%patch5 -p1 -b .norestart
%patch6 -p1 -b .notraceback
%patch7 -p1 -b .restorecon
%patch8 -p1 -b .sssd-enable
%patch10 -p1 -b .ipav2join
%patch11 -p1 -b .ldapbase
%patch12 -p1 -b .altfiles
%patch13 -p1 -b .winbind-client
%patch14 -p1 -b .services
%patch15 -p1 -b .ldap-uris
%patch16 -p1 -b .jointitle
%patch17 -p1 -b .krb5comment
%patch18 -p1 -b .localetb
%patch19 -p1 -b .sssd-prompting
%patch20 -p1 -b .krb5-include
%patch21 -p1 -b .joinpassword
%patch22 -p1 -b .template-group
%patch23 -p1 -b .no-realm
%patch24 -p1 -b .sort
%patch25 -p1 -b .no-update
%patch26 -p1 -b .myhostname
%patch27 -p1 -b .initgroups
%build
%configure
make
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT/%{_libdir}/python*/site-packages/acutilmodule.a
rm $RPM_BUILD_ROOT/%{_libdir}/python*/site-packages/acutilmodule.la
rm $RPM_BUILD_ROOT/%{_datadir}/%{name}/authconfig-tui.py
ln -s authconfig.py $RPM_BUILD_ROOT/%{_datadir}/%{name}/authconfig-tui.py
%find_lang %{name}
find $RPM_BUILD_ROOT%{_datadir} -name "*.mo" | xargs ./utf8ify-mo
%post gtk
touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
%postun gtk
if [ $1 -eq 0 ] ; then
touch --no-create %{_datadir}/icons/hicolor &>/dev/null
gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
fi
%posttrans gtk
gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%triggerin -- oddjob-mkhomedir
sed -i 's/pam_mkhomedir.so/pam_oddjob_mkhomedir.so/g' /etc/pam.d/*-auth-ac &>/dev/null || :
%files -f %{name}.lang
%defattr(-,root,root,-)
%doc COPYING NOTES TODO README.samba3
%config(noreplace) %{_sysconfdir}/sysconfig/authconfig
%ghost %config(noreplace) %{_sysconfdir}/pam.d/system-auth-ac
%ghost %config(noreplace) %{_sysconfdir}/pam.d/password-auth-ac
%ghost %config(noreplace) %{_sysconfdir}/pam.d/fingerprint-auth-ac
%ghost %config(noreplace) %{_sysconfdir}/pam.d/smartcard-auth-ac
%ghost %config(noreplace) %{_sysconfdir}/pam.d/postlogin-ac
%{_sbindir}/cacertdir_rehash
%{_sbindir}/authconfig
%{_sbindir}/authconfig-tui
%exclude %{_mandir}/man8/system-config-authentication.*
%exclude %{_mandir}/man8/authconfig-gtk.*
%{_mandir}/man8/*
%{_mandir}/man5/*
%{_libdir}/python*/site-packages/acutilmodule.so
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/authconfig.py*
%{_datadir}/%{name}/authconfig-tui.py*
%{_datadir}/%{name}/authinfo.py*
%{_datadir}/%{name}/shvfile.py*
%{_datadir}/%{name}/dnsclient.py*
%{_datadir}/%{name}/msgarea.py*
%attr(700,root,root) %dir %{_localstatedir}/lib/%{name}
%files gtk
%defattr(-,root,root,-)
%{_bindir}/authconfig
%{_bindir}/authconfig-tui
%{_bindir}/authconfig-gtk
%{_bindir}/system-config-authentication
%{_sbindir}/authconfig-gtk
%{_sbindir}/system-config-authentication
%{_mandir}/man8/system-config-authentication.*
%{_mandir}/man8/authconfig-gtk.*
%{_datadir}/%{name}/authconfig.glade
%{_datadir}/%{name}/authconfig-gtk.py*
%config(noreplace) %{_sysconfdir}/pam.d/authconfig-gtk
%config(noreplace) %{_sysconfdir}/pam.d/system-config-authentication
%config(noreplace) %{_sysconfdir}/security/console.apps/authconfig-gtk
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-authentication
%config(noreplace) %{_sysconfdir}/pam.d/authconfig
%config(noreplace) %{_sysconfdir}/pam.d/authconfig-tui
%config(noreplace) %{_sysconfdir}/security/console.apps/authconfig
%config(noreplace) %{_sysconfdir}/security/console.apps/authconfig-tui
%{_datadir}/applications/*
%{_datadir}/icons/hicolor/16x16/apps/system-config-authentication.*
%{_datadir}/icons/hicolor/22x22/apps/system-config-authentication.*
%{_datadir}/icons/hicolor/24x24/apps/system-config-authentication.*
%{_datadir}/icons/hicolor/32x32/apps/system-config-authentication.*
%{_datadir}/icons/hicolor/48x48/apps/system-config-authentication.*
%{_datadir}/icons/hicolor/256x256/apps/system-config-authentication.*
%changelog
* Thu Sep 1 2016 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-14
- overwrite nsswitch.conf if inconsistent configuration of initgroups
is present in it
* Thu Jun 30 2016 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-13
- do not overwrite kerberos settings from sssd.conf with empty data
from krb5.conf
* Fri Jun 17 2016 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-12
- updated translations from Zanata
* Thu Jun 16 2016 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-11
- add trigger to change pam configuration to use pam_oddjob_mkhomedir
instead of pam_mkhomedir if oddjob-mkhomedir is installed
- remove unusable --winbindtemplateprimarygroup option (#1242878)
- handle inconsistency when missing realm in krb5.conf
- sort the /etc/sysconfig/authconfig on write (#1320943)
- avoid unnecessary update of nsswitch.conf
- add support for myhostname nsswitch module (#1329943)
* Fri Jul 3 2015 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-10
- fix title of IPA domain join window (#1166119)
- add --unattended to IPA uninstall command (#1166131)
- do not mistake comment for krb5 realm name (#1184639)
- do not traceback with incorrect locales (#1187020)
- correct the package needed for winbind (#1190226)
- install empty /etc/sysconfig/authconfig file (#1194698)
- let SSSD prompt non-local users for passwords (#1204864)
- add includedir /var/lib/sss/pubconf/krb5.include.d/ to krb5.conf (#1207552)
- pass the password provided by --winbindjoin to net join (#1225089)
* Mon Sep 29 2014 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-9
- do not overwrite special ldap base values
- display error message if winbind or IPA domain join fails
- fix invocation of IPA domain join from GUI
- keep altfiles in nsswitch.conf if present (#1134084)
- the winbind client is now in samba-winbind package (#1084997)
- correct handling of SSSD enablement during IPA domain joins
- do not bail out if multiple LDAP URIs are specified (#1142830)
* Tue Feb 11 2014 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-8
- enable/start sssd only when config exists or enabled
for both pam and nsswitch.conf
- updated translations
* Wed Jan 29 2014 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-7
- check nslcd for restart when --enableforcelegacy is used
- call restorecon on newly created configuration files
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 6.2.8-6
- Mass rebuild 2014-01-24
* Mon Jan 20 2014 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-5
- avoid traceback when switching LDAP off in GUI
- restart only services with changed configuration
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 6.2.8-3
- Mass rebuild 2013-12-27
* Thu Dec 5 2013 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-2
- updated translations
- make pam_pkcs11 not ignore the wait_for_card option
- gnome-screensaver does not exist anymore
* Fri Nov 1 2013 Tomáš Mráz <tmraz@redhat.com> - 6.2.8-1
- detect invalid LDAP uri and report error
- fix handling of IPA domain join errors and uninstall
- add support for winbind authentication over Kerberos 5
- set umask=077 by default for pam_mkhomedir and pam_oddjob_mkhomedir
- better error checking for password quality options
* Fri Aug 23 2013 Tomáš Mráz <tmraz@redhat.com> - 6.2.7-1
- samba-winbind-clients package contains the nsswitch and pam modules (#919117)
- do not drop sss from nsswitch.conf on --update (#980861)
- writing out smartcard/fingerprint auth policy to dconf (original patch by
Ray Strode) (#990625)
- document other possible return codes from authconfig invocation (#991804)
- print error message if config file save fails (#994596)
- never stop rpcbind (#990788)
- do not disable sssd.service when --enablesssd is used (#953851)
- revert use_first_pass addition to pam_sss in password stack (#953116)
* Thu Mar 28 2013 Tomáš Mráz <tmraz@redhat.com> - 6.2.6-1
- add use_first_pass to pam_sss in password stack
- more robust initialization of sssdConfig
- check whether base DN value is a real base DN
- use non-deprecated pam_pwquality option authtok_type= instead of type=
- update lastlog for su
* Wed Dec 5 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.5-1
- fix missing cache_credentials option when saving sssd.conf
- do not try to start/restart sssd with incomplete default domain
- add autofs to sssd.conf activated services
- add pam_winbind to session pam modules
* Tue Sep 25 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.4-1
- backup also passwd and friends when toggling enableshadow (#853074)
- use the new smb.conf idmap config range syntax (#850824)
- use local_users_only with pam_pwquality (#849072)
- enable the authlogin_nsswitch_use_ldap SELinux boolean when enabling LDAP (#846084)
- preserve the value of cache_credentials in sssd.conf
- do not fail PAM session if pam_lastlog module fails
- use sssd also for automount map (#847823)
- enable deferred_kinit if cache_credentials is enabled (#814384)
* Thu Jul 19 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.3-1
- fix missing linkage to libresolv
- add missing requires of openssl binary for cacertdir_rehash
- install missing packages via PackageKit (original patch by Stef Walter)
- add pam_lastlog to postlogin PAM configuration to display failed login
attempts
- enable the allow_ypbind SELinux boolean when enabling NIS
- try to preserve the dns_lookup_kdc and dns_lookup_realm settings
- do not use cached_login in password stack for pam_winbind
* Tue Mar 27 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.2-1
- use the new --noac option with ipa-client-install
- add sss to the services entry in nsswitch.conf
- call res_init() to reread resolv.conf before res_send()
- updated translations
* Sat Feb 18 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.1-1
- fix traceback in the command-line ui (#794900)
- updated translations
* Thu Feb 16 2012 Tomas Mraz <tmraz@redhat.com> - 6.2.0-1
- add support for password requirements settings
- add support for joining IPAv2 domains
* Thu Nov 24 2011 Tomas Mraz <tmraz@redhat.com> - 6.1.17-1
- fix wrong exit value of --savebackup action
- do not crash on broken SSSD configuration
- use pam_pwquality instead of pam_cracklib
* Mon Sep 12 2011 Tomas Mraz <tmraz@redhat.com> - 6.1.16-1
- fix broken --help output for languages without spaces (#734355)
- enable translation of the --help option description (#734303)
- updated translations from Transifex
* Fri Jul 22 2011 Tomas Mraz <tmraz@redhat.com> - 6.1.15-1
- add support for reading UID_MIN from login.defs (#717112)
- use systemctl if available instead of chkconfig/service (#696490)
- mention the /usr/sbin/authconfig in the manual page (#698377)
- drop the no longer touched files from authconfig manual page
add the newly touched ones (#708850)
* Tue May 17 2011 Tomas Mraz <tmraz@redhat.com> - 6.1.14-1
- new hi-res icon (#702666)
- use krb5_server instead of krb5_kdcip (#677766)
- print error message if authconfig-gtk is not run within proper X environment
* Tue Feb 8 2011 Tomas Mraz <tmraz@redhat.com> - 6.1.13-1
- support for postlogin PAM configuration and pam_ecryptfs
patch by Paolo Bonzini
* Thu Dec 23 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.12-1
- give proper warnings on missing packages if configuration
supported by SSSD (#663882)
- do not delete mdns4_minimal from nsswitch.conf (#645295)
- updated translations from Transifex
* Wed Oct 6 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.11-1
- do not restart services when configuration did not change
- dissallow setting identity or authentication services with missing
installed files (#590447)
- eliminate unnecessary updates of PAM config files and sssd.conf (#639978)
- updated translations from Transifex
* Fri Sep 17 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.10-1
- netgroups are now supported by sssd
- updated translations from Transifex
* Wed Sep 15 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.9-1
- removed support for setting up pam_smb_auth authentication - long
ago deprecated
- added code for better synchronization of files with duplicate
settings such as login.defs, libuser.conf and system-auth-ac (#565521)
* Tue Aug 10 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.8-1
- add pam_systemd to the PAM configuration (#612712)
- fix force smarcard setting read when Kerberos enabled (#620475)
- fix duplication of dialogs when the revert is cancelled (#621632)
- add --enable/disableforcelegacy option (#605857)
* Thu Jul 15 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.7-1
- fix startup of NIS services (#614856)
- fix packages for LDAP id and auth in authconfig-tui
* Thu Jun 10 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.6-1
- remove superfluous space in nsswitch.conf (#595265)
- always write to 'default' domain in sssd.conf only (#598558)
- update pam and nsswitch config only when needed
* Wed May 19 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.5-1
- fix FreeIPA configuration (#589751)
- disable the krb5 inputs if using dns discovery (#591681)
- fix GUI crash on revert
- add pam_sss to password-auth password stack (#592872)
* Tue May 4 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.4-1
- set the new icon also for the windows (#583330)
- updated translations
- disable non-smartcard PAM stacks if require smart card for authentication
- remove pam_pkcs11 from the password PAM stack
- set smartcard action also in gconf
- properly set the options for pam_pkcs11
- do not write pam_password option to nslcd.conf (#585953)
* Wed Apr 7 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.3-1
- manual page improvements (#578258, #526164)
- use ldap instead of sss for nsswitch maps unsupported by sssd (#578325)
- call cacertdir_rehash also in case ldaps: server uri is used (#578219)
- ldap_uri must be comma separated (#579881)
- updated translations
- new icon (#540249)
* Mon Mar 29 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.2-1
- fix SSSD provider change (#577263)
- drop LDAP authentication from FreeIPA choice
- updated translations
- use pam_oddjob_mkhomedir if the appropriate package is installed (#552485)
* Fri Mar 19 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.1-1
- added credential caching enablement for SSSD
- added msgarea for LDAP authentication requirements
- fix spurious missing modules warnings and other minor changes
* Thu Mar 18 2010 Tomas Mraz <tmraz@redhat.com> - 6.1.0-1
- new very much simplified GUI
- use SSSD instead of legacy ldap/krb5 if the configuration is
supported
- drop krb4 config file write (#569612)
- handle exception when running with insufficient priviledges (#572534)
- support RFC2307bis LDAP schema
* Tue Feb 2 2010 Tomas Mraz <tmraz@redhat.com> - 6.0.2-1
- fix regression from the nss_ldap/pam_ldap nslcd split
* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> - 6.0.1-1
- do not try to write smartcard settings if pam_pkcs11 is not
installed (#528458)
- make position of sss in nsswitch consistent with position in
system-auth (#552501)
- support nss_ldap/pam_ldap split and nslcd
* Thu Dec 10 2009 Tomas Mraz <tmraz@redhat.com> - 6.0.0-1
- support for SSSD enabling/disabling and basic support for
SSSD domain setup
- safe atomic overwrites of the config files
* Wed Nov 11 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.14-1
- fixed missing truncation in the backup restores (#533881)
* Fri Sep 25 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.13-1
- updated translations
* Thu Sep 17 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.12-1
- fixed indentation error (#523534)
* Mon Sep 14 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.11-1
- updated translations (#522444)
- silence failures when restarting services (#500385)
* Thu Apr 23 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.10-1
- update PAM configuration when updating from old authconfig versions (#495924)
* Fri Apr 10 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.9-1
- add support for multiple PAM auth stacks (by Ray Strode) (#494874)
* Thu Apr 2 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.8-1
- fix regression in authconfig-tui (#493576)
* Mon Jan 26 2009 Tomas Mraz <tmraz@redhat.com> - 5.4.7-1
- move the consolehelper symlinks to the gtk subpackage to remove
the dependency on usermode in the base package (#480014)
- return nonzero exit codes on some more possible errors (#440461)
* Fri Dec 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.6-1
- fix typo in the fingerprint reader patch (#477080)
* Thu Nov 27 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.5-1
- improved cacertdir_rehash to be more robust
- add fingerprint reader support (original patch by Bastien Nocera) (#469418)
- remove pam_smb support from GUI and TUI
- fix nscd pid file path (#471642)
* Tue Aug 5 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.4-1
- do not call domainname when run with --nostart (#457697)
* Fri Jun 6 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.3-1
- remove the --enableldapssl alias and add some help to GUI tooltips
to clear up some confusion (#220973)
- add option --enablepreferdns to prefer DNS over NIS or WINS in
hostname resolution
* Tue Apr 8 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.2-1
- read wins setting from nsswitch.conf correctly (#440459)
- do not ignore --enablemd5/--disablemd5 options
* Tue Mar 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.1-1
- fixed backup directory in Makefile and spec (#437040)
* Mon Mar 10 2008 Tomas Mraz <tmraz@redhat.com> - 5.4.0-1
- include config-util in console.apps files
- add support for saving/restoring backups of configuration
files affected by authconfig (#433776)
- improve the authconfig manual page (#432023, #432938)
* Tue Jan 29 2008 Tomas Mraz <tmraz@redhat.com> - 5.3.21-1
- correct the fix for bug #237956
* Fri Jan 18 2008 Tomas Mraz <tmraz@redhat.com> - 5.3.20-1
- update translations
* Wed Jan 9 2008 Tomas Mraz <tmraz@redhat.com> - 5.3.19-1
- support new sha256 and sha512 password hash algorithms
- add support for pam_mkhomedir (#212790)
- do not crash in authconfig --help (#237956) - thanks to Andy Shevchenko for
the idea how to fix that
- setup password hash algorithm in /etc/login.defs (#218652)
- update translations
* Tue Sep 25 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.18-1
- improve krb5.conf handling (#238766)
* Fri Aug 24 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.17-1
- remove obsolete pam_krb5afs support (#250704)
- add support for pam_access (#251360)
- update translations
* Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.16-3
- license tag fix
* Thu Aug 9 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.16-2
- require newt-python (#251359)
* Wed Jul 25 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.16-1
- add support for winbind offline login (#232955)
* Wed Jul 18 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.15-1
- dnsclient fixes by Simo Sorce
- add Categories to .desktop file (#245868)
- fixed traceback when calling joinDomain (#245374)
- disable smart card action setting when gnome-screensaver
not installed (#209643)
- do not change protocols and services in nsswitch.conf (#236669)
* Tue Jun 12 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.14-1
- authconfig.8 synopsis fixed (patch by Eric Raymond) (#220574)
- drop explicit requirement on python version as it is now
generated automatically
- improve writing /etc/samba/smb.conf (based on patch by
Simo Sorce)
- merge changes upstream
* Fri May 4 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.13-4
- local nis domain is obtained from sysconfig/network (#235927)
- set "local authorization is sufficient" on by default
* Thu Apr 5 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.13-3
- minor changes and cleanups for merge review (#225293)
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 5.3.13-2
- nss_ldap is now in /usr/lib (#232975)
* Tue Dec 12 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.13-1
- another traceback in --probe and other fixes (#218874)
- make smbRealm a default realm when appropriate (#219300)
- added missing languages in LINGUAS
* Wed Nov 29 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.12-1
- when pam_krb5 auth fails with smartcard login don't enforce it
in the account stack (#214931)
- updated translations (#216570)
- winbind should be added only to user tables (#216862)
* Fri Oct 20 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.11-1
- fixed --smartcardaction command line option (#211552)
* Fri Oct 6 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.10-1
- fixed passwd PAM stack when PKCS11 enabled (#195960)
- make authconfig --probe work again (#209676)
* Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.9-1
- updated translations (#207095)
- correctly write pam_smb.conf with only one server specified (#208365)
* Thu Sep 21 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.8-1
- move options to another tab to fit on 800x600 screen (#207357)
* Tue Sep 19 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.7-1
- improve PAM setup for smart card login
- support smart card login with kerberos (PKINIT)
- add pam_pkcs11 to password PAM stack
* Mon Sep 4 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.6-1
- skip pam_unix for session for crond service
- fixed a bug in saving when smartcard settings changed (#204838)
- removed allow_ypbind setsebool as it is now handled in ypbind
* Tue Aug 29 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.5-1
- improve smart card related UI strings
- removed possibility to set smart card type from authconfig-gtk
as only coolkey will be supported for now
* Thu Aug 24 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.4-1
- pass options given to authconfig-gtk to authconfig (#203955)
* Sun Jul 23 2006 Ray Strode <rstrode@redhat.com> - 5.3.3-2
- write out new "wait_for_card" config option if we're
forcing smart card authentication
- add "use_uid" option to smart card pam_succeed_if line to
work around bug where pam_succeed_if checks user information
even in cases where the conditional doesn't depend on it.
- remove unimplemented "logout" smart card removal action from
settings
- remove unnecessary "card_only" argument
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.3-1
- don't start sceventd when smartcard login is enabled
- improve pam config for smartcard login
* Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.2-1
- don't require pam_pkcs11 to run
* Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.1-1
- screensavers should be authenticated by smartcard too
- add feature to download a CA certificate for LDAP from
an URL (#197103)
- add pam_keyinit session module to the PAM configuration (#198638)
* Fri Jul 7 2006 Tomas Mraz <tmraz@redhat.com> - 5.3.0-1
- added support for smartcard authentication
- fixed parsing kerberos realms
* Thu May 18 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.5-1
- write ldap servers as URIs and not HOSTs (#191842)
- fix a typo in --test output
- updated summary, converted changelog to UTF-8
* Fri May 12 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.4-1
- added crond to the services restarted after firstboot (#187334)
- when checking nscd status redirect output to /dev/null (#188555)
* Tue Mar 21 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.3-1
- make smb.conf and krb5.conf loading more robust (#185766)
* Mon Feb 27 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.2-1
- add try_first_pass option to pam_unix for better integration
with individual service configurations (#182350)
- updated translations
* Mon Feb 20 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.1-1
- don't crash in TUI when some options aren't set (#182151)
* Fri Feb 3 2006 Tomas Mraz <tmraz@redhat.com> - 5.2.0-1
- redesigned GUI (#178112)
- added man page for system-config-ac (#179584)
- disable authentication of system accounts by network services
by default, added option for changing that (#179009)
- updated translations, new languages
* Mon Jan 9 2006 Tomas Mraz <tmraz@redhat.com> - 5.1.2-1
- fixed regression when saving nsswitch.conf
* Fri Jan 6 2006 Tomas Mraz <tmraz@redhat.com> - 5.1.1-1
- print warning if PAM module is missing when the PAM configuration
is saved (#168880)
* Fri Dec 23 2005 Tomas Mraz <tmraz@redhat.com>
- make child dialog preset code more robust (#176462)
* Sat Dec 17 2005 Tomas Mraz <tmraz@redhat.com> - 5.1.0-1
- update only configuration files which settings were modified (#72290)
* Mon Dec 5 2005 Tomas Mraz <tmraz@redhat.com> - 5.0.4-1
- don't ignore krb5realm command line option (#174838)
- read dns_lookup_realm and dns_lookup_kdc values correctly
- the PAM configuration is now written in system-auth-ac file
which is then symlinked from system-auth, the symlink is not
overwritten so local PAM configuration is now possible (#165342)
* Mon Nov 7 2005 Tomas Mraz <tmraz@redhat.com> - 5.0.3-1
- add symlinks to python scripts in sbindir
- don't override nullok setting from system-auth (#96996)
* Fri Oct 14 2005 Tomas Mraz <tmraz@redhat.com> - 5.0.2-1
- authinfo-tui.py is now symlink
- reword the CA certificate message (#154317)
- use include instead of pam_stack in pam config
- don't break yp.conf with multiple domains (#127306)
* Mon Sep 5 2005 Tomas Mraz <tmraz@redhat.com> - 5.0.1-1
- fixed a few errors catched by pychecker
* Sat Sep 3 2005 Tomas Mraz <tmraz@redhat.com> - 5.0.0-1
- C code completely rewritten in Python
- some bugs fixed in the process (and no doubt new introduced)
- TUI deprecated, opens only when run as authconfig-tui
* Mon Jun 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.6.13-1
- set domain and ypserver option correctly when multiple servers
specified in kickstart (#159214)
* Tue Apr 12 2005 Tomas Mraz <tmraz@redhat.com> - 4.6.12-1
- replaced deprecated gtk.TRUE/FALSE (#153034)
- updated translations
* Mon Mar 14 2005 Tomas Mraz <tmraz@redhat.com>
- propagate the --enablewinbindauth option to the configuration (#151018)
* Fri Mar 4 2005 Tomas Mraz <tmraz@redhat.com> - 4.6.11-1
- changed version propagation
* Thu Mar 3 2005 Tomas Mraz <tmraz@redhat.com>
- updated translations
- fixed build on gcc4
* Wed Feb 23 2005 Tomas Mraz <tmraz@redhat.com> - 4.6.10-1
- updated translations
* Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com> - 4.6.9-1
- improved the code that writes tls_cacertdir to ldap.conf
* Tue Jan 25 2005 Tomas Mraz <tmraz@redhat.com>
- renamed functions in authconfigmodule to be more clear
- implemented cacertdir for LDAP with TLS
* Mon Jan 24 2005 Tomas Mraz <tmraz@redhat.com>
- fixed a bug in authinfo_differs when called from python
* Fri Dec 17 2004 Tomas Mraz <tmraz@redhat.com> - 4.6.8-1
- add option for making local authorization sufficient for local users
this is attempt to 'solve/workaround' the problem with blocking local logins by
pulling out network cable (#115181)
* Wed Dec 15 2004 Tomas Mraz <tmraz@redhat.com>
- remove dependency on nscd
- don't show warning messages when switching options off
* Mon Dec 6 2004 Tomas Mraz <tmraz@redhat.com> - 4.6.7-1
- updated translations
- winbind in authconfig-gtk.py was setting the nsswitch.conf on the auth tab
- use GtkComboBox instead of deprecated GtkOptionMenu
- disable options with not installed binaries, remove unnecessary deps of
authconfig-gtk
* Thu Nov 18 2004 Tomas Mraz <tmraz@redhat.com> - 4.6.6-1
- merged patches from dist
- fix versioning
* Mon Nov 8 2004 Jeremy Katz <katzj@redhat.com> - 4.6.5-6
- rebuild against python 2.4
* Thu Oct 28 2004 Dan Walsh <dwalsh@redhat.com>
- Fix setsebool patch to turn off boolean
* Thu Oct 28 2004 Dan Walsh <dwalsh@redhat.com>
- Add setsebool for NIS
* Fri Oct 15 2004 Tomas Mraz <tmraz@redhat.com>
- force broken_shadow option on network auth (#136760)
* Fri Oct 15 2004 Tomas Mraz <tmraz@redhat.com>
- force restart of autofs on firstboot call when using NIS (#133035, #124498)
* Thu Oct 07 2004 Tomas Mraz <tmraz@redhat.com>
- require python to install (#134654)
* Mon Oct 04 2004 Jindrich Novy <jnovy@redhat.com> 4.6.5-1
- updated translations from upstream
- autogeneration of build stripts in prep phase
* Thu Sep 30 2004 Jindrich Novy <jnovy@redhat.com>
- fixed man page
- added dependency on nscd
* Wed Sep 29 2004 Jindrich Novy <jnovy@redhat.com> 4.6.4-6
- regenerated build scripts
* Wed Sep 29 2004 Jindrich Novy <jnovy@redhat.com> 4.6.4-5
- fixed all po files to translate correctly messages with modified accelerators (#133742)
- added translations for Arabic, Bulgarian and other languages (#133716, #133158)
* Wed Sep 22 2004 Jindrich Novy <jnovy@redhat.com> 4.6.4-4
- added "quiet" option to pam_success_if PAM module in sytem-auth (#133179)
* Mon Sep 13 2004 Jindrich Novy <jnovy@redhat.com> 4.6.4-3
- corrected package dependencies #132411
- regenerated glade.strings.h #132369
* Wed Aug 25 2004 Jindrich Novy <jnovy@redhat.com> 4.6.4-2
- modified authconfig-gtk interface to fit lower resolution screens (#127175)
- modified accelerators in authconfig-gtk (#125797)
- updated package dependencies (#125306)
* Tue Aug 24 2004 Jindrich Novy <jnovy@redhat.com>
- updated configure scripts
- warnfixes and minor hacks
* Mon Jun 7 2004 Nalin Dahyabhai <nalin@redhat.com> 4.6.4-1
- tweak account management to fix #55193 correctly
- require anything we might want to run in the gui subpackage because it
doesn't warn about missing things and you don't have a terminal to see
error messages about missing commands
- properly display the domain in the GUI join dialog (#124621)
* Tue May 11 2004 Nalin Dahyabhai <nalin@redhat.com> 4.6.3-1
- omit the "ads" or "rpc" when calling "net join", Samba's smarter now (#122802)
- properly warn about missing "net" (samba-client) and libnss_winbind and
pam_winbind (samba-common) in text mode (#122802)
* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> 4.6.2-1
- learn all about pam_passwdqc
- preserve arguments to pam_cracklib and pam_passwdqc
- short-circuit PAM authorization checks for users with UID < 100
- remove redhat-config-authentication as a way to invoke the GUI tool (#115977)
* Fri Feb 6 2004 Nalin Dahyabhai <nalin@redhat.com> 4.6.1-1
- fix man page: --enableldapssl should be --enableldaptls
- make --enableldapssl an alias for --enableldaptls
* Thu Jan 8 2004 Nalin Dahyabhai <nalin@redhat.com> 4.6-1
- authconfig-gtk.py: require rhpl, which is required by the script (#104209)
- both: require usermode (authconfig-gtk transitively), else leave a dangling
symlink (#104209)
- the great redhat-config-authentication/system-config-authentication renaming,
as was foretold in the fedora-config-list archives
* Wed Jan 7 2004 Nalin Dahyabhai <nalin@redhat.com>
- preserve "compat" if it's used in /etc/nsswitch.conf
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com> 4.4-1
- add options for toggling krb5's use of DNS
* Mon Nov 17 2003 Nalin Dahyabhai <nalin@redhat.com>
- rework tui to include winbind options. there wasn't enough room in the old
dialog to include the important options, so the whole thing's been reworked
* Thu Nov 13 2003 Nalin Dahyabhai <nalin@redhat.com>
- conflict with older versions of samba which expect different configuration
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
- initial support for configuring winbind
* Tue Oct 28 2003 Nalin Dahyabhai <nalin@redhat.com>
- make pam_cracklib requisite instead of required in generated PAM configs
* Wed Oct 22 2003 Bill Nottingham <notting@redhat.com> 4.3.8-1
- rebuild with current translations
* Thu Aug 21 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.7-2
- make the tarball name include the release number
* Thu Aug 21 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.7-1
- authconfig-gtk: condrestart certain additional services if invoked with
the --firstboot flag (half of #91268, needs cooperating firstboot)
- translation updates
* Mon Jul 7 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.6-1
- translation updates
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- add 'redhat-config-authentication' as an alias for authconfig-gtk
- make authconfig-gtk exec authconfig if gui startup fails and it looks like
we're connected to a tty
* Thu Jun 05 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon May 5 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.5-1
- translation updates
- close unusable file descriptors if locking fails
* Tue Feb 18 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.4-1
- learn how to toggle defaults/crypt_style in /etc/libuser.conf (#79337)
* Fri Feb 7 2003 Nalin Dahyabhai <nalin@redhat.com> 4.3.3-1
- look in /lib64 for modules for nsswitch and PAM by default on
x86_64, ppc64, and s390x (#83049)
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Mon Nov 4 2002 Nalin Dahyabhai <nalin@redhat.com> 4.3.2-1
- update translations
- update copyright strings (only took 10 months!)
* Wed Oct 23 2002 Nalin Dahyabhai <nalin@redhat.com> 4.3.1-1
- require a version of PAM (0.75-43) which supports $ISA
- use $ISA in our own PAM config files
* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com>
- add $ISA to the name of the directory in which we expect PAMs to be stored
* Fri Sep 20 2002 Nalin Dahyabhai <nalin@redhat.com> 4.3-1
- build with -fPIC, necessary on some arches
* Tue Sep 3 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.11-3
- update translations
* Thu Aug 29 2002 Trond Eivind Glomsrød <teg@redhat.com> 4.2.12-2
- Update translations
* Fri Aug 23 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.11-1
- modify spacing and layout in authconfig-gtk
* Thu Aug 15 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.10-4
- translation updates
- rebuild to pick up dependency changes
* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.10-3
- include the userhelper configuration file
- require sufficiently-new pam package in the gui subpackage
* Fri Jul 26 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.10-2
- actually include the icon in the package
- translation updates
* Tue Jul 23 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.10-1
- use desktop-file-install (#69376)
- include an icon for the menu item (#68577)
* Wed Jul 17 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.9-2
- own the pkgdatadir
- pull in translation updates
* Mon Jun 3 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.9-1
- add --enable-experimental to enable some of that experimental code
- add --enable-local to enable local policies
- update translations
* Thu May 30 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-7
- use the current revision of python by default
- get the intltool/gettext situation sorted out
* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Fri May 3 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-5
- remove bogus buildrequires left over from when authconfig-gtk was C code
- buildrequires python-devel in addition to python (to build the python module,
but we still need python to byte-compile the python script)
* Thu Apr 18 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-4
- add missing translations back in
- convert .mo files at install-time
* Mon Apr 15 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-3
- refresh translations
* Wed Apr 10 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-2
- actually add the .desktop files
* Tue Apr 9 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.8-1
- refresh translations
- destroy the python object correctly
* Tue Mar 26 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.7-2
- add the .desktop file
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.7-1
- rework the auth stack logic to require all applicable auth modules
* Fri Mar 1 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.6-1
- allow pam_krb5afs to be used for account management, too
* Mon Feb 25 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.5-3
- refresh translations
* Fri Feb 22 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.5-2
- refresh translations
* Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.5-1
- actually free authInfo structures when asked to
- use pam_krb5's account management facilities
- conflict with versions of pam_krb5 which don't offer account management
* Mon Feb 4 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.4-1
- add python bindings for the back-end
- redo the gui so that it exercises the python bindings
- take a shot at getting authconfig to work in a firstboot container
* Thu Jan 31 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.3-4
- rebuild again
* Wed Jan 30 2002 Tim Powers <timp@redhat.com> 4.2.3-3
- rebuilt against new glib
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.3-2
- rebuild in new environment
* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.3-1
- add some more experimental options
- clean up the glade files a bit
- don't destroy a garbage pointer on main cancel, destroy the main dialog
* Thu Jan 3 2002 Nalin Dahyabhai <nalin@redhat.com> 4.2.2-2
- bump release and rebuild
* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com> 4.2.2-1
- make setting of experimental options only possible through
/etc/sysconfig/authconfig, to keep accidents from happening
- add some more support for experimental stuff
* Tue Dec 11 2001 Nalin Dahyabhai <nalin@redhat.com> 4.2.1-1
- fix setting of LDAP TLS option in authconfig-gtk
- change Apply to Ok, Close to Cancel, because that's how they work
* Tue Dec 11 2001 Nalin Dahyabhai <nalin@redhat.com> 4.2-2
- add the glade XML file to the -gtk subpackage (fix from katzj)
* Mon Dec 10 2001 Nalin Dahyabhai <nalin@redhat.com> 4.2-1
- port to glib2
- move post code to the back-end
- add a libglade GUI in a -gtk subpackage
- set up to use userhelper