[CentOS] system-auth.rpmnew

Mon Jun 30 12:54:29 UTC 2008
Toby Bluhm <tkb at midwestinstruments.com>

Kai Schaetzl wrote:
> William L. Maltby wrote on Sun, 29 Jun 2008 09:09:17 -0400:
>
>   
>> IMO, it's never OK w/o first examining the effects. The rpmnew is
>> provided specifically because replacing the previous one may be highly
>> destructive to the aims of that system's users/admins.
>>
>> I've not looked, but I suspect the rpmnew needs to be compared to the
>> target of the symlink.
>>     
>
> That's the point and why I'm asking. I think the rpmnew got created 
> because the target is a symlink (I think normally rpm overwrites a config 
> file if it has not been changed from the previous version, this obviously 
> is bound to fail in this case). The question now is, should it have 
> actually replaced system-auth-ca, was the symlink incorrect in the first 
> place, should there be both system-auth and system-auth-ca be available in 
> parallel, or what? I don't know for what exactly both or just one of the 
> files gets used, I can just assume it's some authorization. And ca file 
> might get used when authorizing with a certificate (remote or with a 
> card?).
> I don't find myself in a position to assess the difference between the 
> files and what it means for security. The main difference between the 
> files seems to be something about user-ids above/below 500.
>
>
>   

I don't see a system-auth-ca on my 4 Centos5 systems.

My 3 systems still at C5.1 show the same:

 ls -als /etc/pam.d/system-auth*

4 lrwxrwxrwx 1 root root  14 May 10  2007 /etc/pam.d/system-auth -> 
system-auth-ac
8 -rw-r--r-- 1 root root 848 May 10  2007 /etc/pam.d/system-auth-ac
4 -rw-r--r-- 1 root root 683 Nov 10  2007 /etc/pam.d/system-auth.rpmnew

rpm -q --whatprovides /etc/pam.d/system-auth
pam-0.99.6.2-3.26.el5

rpm -q --whatprovides /etc/pam.d/system-auth-ac
authconfig-5.3.12-2.el5


My test box at C5.2:

ls -als /etc/pam.d/system-auth*

4 lrwxrwxrwx 1 root root  14 May 20 09:09 /etc/pam.d/system-auth -> 
system-auth-ac
8 -rw-r--r-- 1 root root 844 May 20 09:09 /etc/pam.d/system-auth-ac
4 -rw-r--r-- 1 root root 683 May 24 13:35 /etc/pam.d/system-auth.rpmnew

rpm -q --whatprovides /etc/pam.d/system-auth
pam-0.99.6.2-3.27.el5

rpm -q --whatprovides /etc/pam.d/system-auth-ac
authconfig-5.3.21-3.el5



-- 
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203