LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-23-2012, 03:09 PM   #1
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 57

Rep: Reputation: 2
auth --enablead


Hello,

I am working on re-vamping our kickstart files so that various config files on a freshly built system are not being flagged as being different from the centrally managed files in Satellite.

One place we're getting flagged is from the following line in the kickstart file:
auth --enablemd5 --enableshadow --enablekrb5 --enableldap --enableldapssl --ldapserver <snip>...
This causes the /etc/ldap.conf file to contain:
pam_password md5
But, our centrally managed file contains:
pam_password ad
Yes, I can just push out the file from Satellite, but I'd rather just have it be correct to begin with. What I don't know is ultimately what will happen if I change the line to "auth --enablead ..."

Not sure if that tries to use SAMBA (which we don't use) or if there would be any unforseen issues.

Can anyone out there help me to better understand these flags?

Thanks in advance!
 
Old 02-23-2012, 03:17 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
is that even a kickstart option? where did you see it? I can't find any reference to it apart from here - http://pubs.vmware.com/vsphere-4-esx...art_diffs.html

why haven't you just tried it? I don't understand why you're asking instead of building a test box..?

It's a bit of a drastic step, but you might like to consider puppet over the awful config management stuff satellite uses. So you build a very basic kick start and then add all the fun stuff later with puppet

Last edited by acid_kewpie; 02-23-2012 at 03:20 PM.
 
Old 02-23-2012, 04:51 PM   #3
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 57

Original Poster
Rep: Reputation: 2
I'm not familiar with puppet. I'm new to the RHEL world and working with an established platform.

As far as just trying it, I have done so. Built a VM and tried the "--enablead" instead of "--enablemd5" and now the /etc/ldap.conf line is "pam_password crypt" instead of "pam_password ad"

I'm going to keep plugging away at this, but didn't know if maybe someone could help speed me along to a solution.

Thanks!!
 
Old 02-23-2012, 05:03 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
well as the link suggests, --enablead looks like it's not a legal kickstart option.
 
Old 02-24-2012, 11:31 AM   #5
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 57

Original Poster
Rep: Reputation: 2
Well, I'm attempting what I think may be a work-around, but I'm not sure it there will be any issues with it that I may not be aware of.

Basically, I added a line at the end of the script:

sed -i "s|md5|ad|g" /etc/ldap.conf

This makes the replacement in the config file and, so far as I can tell, I'm still able to access the system as normal. It seems to me that this is a pretty ugly way to do it, plus I don't know if it could cause problems elsewhere.

Is this a sufficient way to handle this issue or am I setting myself up for some unexpected headaches later?

Thanks!!
 
Old 02-24-2012, 01:43 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Well I've never used that pam option, but I've certainly written a LOT of postscripts. As long as they're written well, they're fine.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix - allow non-auth connections from local network, relay mail via SASL AUTH fantasygoat Linux - Server 1 10-14-2011 04:45 PM
Kerberos Auth IwantLINUX Linux - Newbie 2 05-06-2007 02:22 AM
non-auth mirror emetib Linux - Networking 1 11-16-2004 12:19 AM
QMAIL AUTH LOGIN AUTH=LOGIN Arghhhhhhhh DrNeil Linux - Networking 3 09-04-2004 10:07 AM
Telnet auth attayeb Linux - Software 1 04-03-2004 06:01 PM


All times are GMT -5. The time now is 10:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration