[Open-scap] Using authconfig rather than hand editing files
Dan White
d_e_white at icloud.com
Thu May 31 10:41:55 UTC 2018
Trimmed for readability
On May 31, 2018, at 04:01 AM, Pavel Březina <pbrezina at redhat.com> wrote:
On 05/30/2018 06:44 PM, Dan White wrote:
There are several pam stacks managed by authconfig:
- password-auth
- system-auth
- smartcard-auth
- fingerprint-auth
- postlogin
These files are just symlinks to $name-ac files that are written by
authconfig. If you need to do any changes that should persist, remove
the symlink and than edit the file without -ac suffix. Of course this
means that you stop using authconfig, but that is alright for most cases
as you need to configure it only once.
That is the whole point of the query.
This is for security hardening.
Authconfig removes stuff that needs to stay in.
I am suggesting updates for authconfig to provide the required settings
it currently removes.
Not using authconfig would make following many Red Hat documents difficult
Šimon made a suggestion I plan to follow.
Thanks for sharing your time and thoughts.
Dan White | d_e_white at icloud.com
------------------------------------------------
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Waterson: Calvin & Hobbes)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180531/2b868c98/attachment.htm>
More information about the Open-scap-list
mailing list