#6907 Changes/Authselect: new tool to replace authconfig
Closed: Fixed 3 years ago Opened 3 years ago by jreznik.

Authselect is a tool to select system authentication and identity sources from a list of supported profiles.

It is designed to be a replacement for authconfig but it takes a different approach to configure the system. Instead of letting the administrator build the pam stack with a tool (which may potentially end up with a broken configuration), it would ship several tested stacks (profiles) that solve a use-case and are well tested and supported. At the same time, some obsolete features of authconfig would not be supported by authselect.

This tool aims to be first shipped along and later deprecate and later replace authconfig in a future Fedora release.

Change page for review: https://fedoraproject.org/wiki/Changes/Authselect
Owner: @pbrezina

Is this tool intended to be installed by default? Will it be part of the minimal install set? What dependencies does it have? (Current authconfig pulls in python, which is not ideal for compactness.)

For F27, authconfig stays as default (thus a self-contained change). Authselect will be just shown as an option to users and community so they can try it out and hopefully provide some feedback. Therefore authselect will not be installed by default in this version.

For F28, we would like to have it as default and a part of minimal install set.

Authselect is written in C as a standalone library and cli so it can be easily picked up by tools like realmd or ansible. The code is not yet completed, there won't be any dependencies (maybe popt but that's to be decided).

Metadata Update from @mohanboddu:
- Issue tagged with: changes, f27

3 years ago

Thanks for the info and atm there is no releng work needed.

Please keep us updated if anything changes.


Metadata Update from @mohanboddu:
- Issue tagged with: change-noreleng

3 years ago

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.