Finn Fysj via FreeIPA-users wrote:
> Hi,
>
> First: is it possible to ignore the authselect configuration during FreeIPA
> server installation?
> Reason I'm asking is because we're hardening the OS before we run FreeIPA
> installation, meaning there have been issues with UMASK and authselect
> overwrite.
>
> FreeIPA installation does not support UMASK stricter than 022.
> The FreeIPA installation also changes our authselect configuration as we
> configure this as part of our OS hardening and setting the immutable flag on
> some of these config files.
>
> We don't want FreeIPA installation to configure the authselect. Unfortunately
> we haven't found anything in
> /usr/lib/python3.9/site-packages/ipaplatform/redhat/authconfig.py that let us
> do this. Is it possible to ignore this?
There is not currently.
I guess I would suggest hardening after installing IPA. You're moving
into an untested/unsupported configuration so keep that in mind. There
be dragons.
rob
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue