• Type: Story
• Resolution: Obsolete
• Priority: Minor
• Fix Version/s: RH342 - RHEL8.4-en-4-20240626
• Affects Version/s: RH342 - RHEL 7.2 1 20160321
• Component/s: RH342
• Labels:

  • improvement

[PTL-6989] RH342-59: Ch 11 - Lab Paris - updating cacert hashes

Collapse comment: Ashish Lingayat added a comment - 2024/05/22 4:42 AM

Ashish Lingayat added a comment - 2024/05/22 4:42 AM

The reported bug was for RHEL 7.2 and the current version of the course is based on RHEL 8.4 and found no content for which the bug was reported. 

Expand comment: Ashish Lingayat added a comment - 2024/05/22 4:42 AM

Ashish Lingayat added a comment - 2024/05/22 4:42 AM The reported bug was for RHEL 7.2 and the current version of the course is based on RHEL 8.4 and found no content for which the bug was reported. 

Collapse comment: Wander Boessenkool (Inactive) added a comment - 2016/07/18 10:10 AM

Wander Boessenkool (Inactive) added a comment - 2016/07/18 10:10 AM

While I can understand your preference for using authconfig over cacertdir_rehash, the latter is not obscure, in fact, we used to teach it in RHS333 curriculum. It is also mentioned, albeit briefly, in the Resolving Kerberos and LDAP Issues section, in chapter 9, under the TLS certificate mismatches header.

The benefit of using cacertdir_rehash is that it works for every dir you point it to, not just the directory that authconfig has blessed. In setups where authconfig was not used to configure LDAP, cacertdir_rehash still works, and authconfig has a high chance of failure.

I'm keeping this bug open for consideration during the next refresh.

Expand comment: Wander Boessenkool (Inactive) added a comment - 2016/07/18 10:10 AM

Wander Boessenkool (Inactive) added a comment - 2016/07/18 10:10 AM While I can understand your preference for using authconfig over cacertdir_rehash , the latter is not obscure, in fact, we used to teach it in RHS333 curriculum. It is also mentioned, albeit briefly, in the Resolving Kerberos and LDAP Issues section, in chapter 9, under the TLS certificate mismatches header. The benefit of using cacertdir_rehash is that it works for every dir you point it to, not just the directory that authconfig has blessed. In setups where authconfig was not used to configure LDAP, cacertdir_rehash still works, and authconfig has a high chance of failure. I'm keeping this bug open for consideration during the next refresh.

Collapse comment: Michael Stonebank (Inactive) added a comment - 2016/07/14 4:24 PM

Michael Stonebank (Inactive) added a comment - 2016/07/14 4:24 PM

I believe it just does the cacert. I tested it on paris lab and it works. Too late now, but next time I can use AIDE to see if it hits other files.

From the man page of authconfig...

If --update action is specified (...) only the files affected by the configuration changes are overwritten.
If --updateall action is specified (...) all configuration files are written.

Expand comment: Michael Stonebank (Inactive) added a comment - 2016/07/14 4:24 PM

Michael Stonebank (Inactive) added a comment - 2016/07/14 4:24 PM I believe it just does the cacert. I tested it on paris lab and it works. Too late now, but next time I can use AIDE to see if it hits other files. From the man page of authconfig... If --update action is specified (...) only the files affected by the configuration changes are overwritten. If --updateall action is specified (...) all configuration files are written.

Collapse comment: Steven Bonneville added a comment - 2016/07/14 3:17 PM

Steven Bonneville added a comment - 2016/07/14 3:17 PM

Michael, are there any side-effects of using authconfig in this case? (For example, does it attempt to do anything beyond what cacertdir_rehash does?)

Expand comment: Steven Bonneville added a comment - 2016/07/14 3:17 PM

Steven Bonneville added a comment - 2016/07/14 3:17 PM Michael, are there any side-effects of using authconfig in this case? (For example, does it attempt to do anything beyond what cacertdir_rehash does?)