[CentOS] system-auth.rpmnew

Kai Schaetzl maillists at conactive.com
Mon Jun 30 11:14:13 UTC 2008


William L. Maltby wrote on Sun, 29 Jun 2008 09:09:17 -0400:

> IMO, it's never OK w/o first examining the effects. The rpmnew is
> provided specifically because replacing the previous one may be highly
> destructive to the aims of that system's users/admins.
> 
> I've not looked, but I suspect the rpmnew needs to be compared to the
> target of the symlink.

That's the point and why I'm asking. I think the rpmnew got created 
because the target is a symlink (I think normally rpm overwrites a config 
file if it has not been changed from the previous version, this obviously 
is bound to fail in this case). The question now is, should it have 
actually replaced system-auth-ca, was the symlink incorrect in the first 
place, should there be both system-auth and system-auth-ca be available in 
parallel, or what? I don't know for what exactly both or just one of the 
files gets used, I can just assume it's some authorization. And ca file 
might get used when authorizing with a certificate (remote or with a 
card?).
I don't find myself in a position to assess the difference between the 
files and what it means for security. The main difference between the 
files seems to be something about user-ids above/below 500.


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com






More information about the CentOS mailing list