[CentOS] system-auth.rpmnew
Kai Schaetzl
maillists at conactive.com
Mon Jun 30 11:14:13 UTC 2008
William L. Maltby wrote on Sun, 29 Jun 2008 09:09:17 -0400:
> IMO, it's never OK w/o first examining the effects. The rpmnew is
> provided specifically because replacing the previous one may be highly
> destructive to the aims of that system's users/admins.
>
> I've not looked, but I suspect the rpmnew needs to be compared to the
> target of the symlink.
That's the point and why I'm asking. I think the rpmnew got created
because the target is a symlink (I think normally rpm overwrites a config
file if it has not been changed from the previous version, this obviously
is bound to fail in this case). The question now is, should it have
actually replaced system-auth-ca, was the symlink incorrect in the first
place, should there be both system-auth and system-auth-ca be available in
parallel, or what? I don't know for what exactly both or just one of the
files gets used, I can just assume it's some authorization. And ca file
might get used when authorizing with a certificate (remote or with a
card?).
I don't find myself in a position to assess the difference between the
files and what it means for security. The main difference between the
files seems to be something about user-ids above/below 500.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the CentOS
mailing list