Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-85175

[RHEL-9] The authselect kickstart command not generated in /root/anaconda-ks.cfg after manual installation

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-9.8
    • rhel-8.6.0, rhel-9.6
    • anaconda
    • anaconda-34.25.7.8-1.el9
    • No
    • Low
    • 2
    • rhel-anaconda
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • 25Q3 - Sep 9, 25Q4 - Oct 7
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Installing RHEL 8 used a kickstart file in which there are pwpolicy rules defined. The authselect profile is not installed by default.

      // kickstart command:

      %anaconda
      pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
      pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
      pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
      %end

      // anaconda logs:

      1. grep -i authselect /var/log/anaconda/anaconda.log 
           Task: Authselect configuration
        12:11:14,443 INF installation: Task started: Authselect configuration (20/44)
        12:11:14,447 INF progress: Authselect configuration
        12:11:14,447 DBG installation: Task completed: Authselect configuration (20/44) (0.0 s)

      // authselect profiles:

      1. ll /etc/nsswitch.conf
        rw-rr-. 1 root root 2120 Mar 27 11:56 /etc/nsswitch.conf
      1. ll /etc/authselect/
        total 4
        drwxr-xr-x. 2 root root    6 Aug  3  2023 custom
        rw-rr-. 1 root root 2120 Mar 27 12:01 user-nsswitch.conf

      ========================================

      Installing RHEL 8 manually from anaconda GUI, The authselect profile is installed by default.

      // kickstart file generated automatically under /root

      %anaconda
      pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
      pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
      pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
      %end

      // anaconda logs:

      1. grep -i authselect /var/log/anaconda/anaconda.log 
           Task: Authselect configuration
        05:45:04,605 DBG installation: Adding requirements for module org.fedoraproject.Anaconda.Modules.Security : [Requirement(name='authselect', reason='Needed by authselect kickstart command & for fingerprint authentication support.', type='package')]
        05:45:04,606 DBG payload.requirement: added package requirement 'authselect' for Needed by authselect kickstart command & for fingerprint authentication support., strong=True
        05:45:04,749 DBG payload.requirement: apply with result True called on requirements [('package', 'langpacks-ja', PayloadRequirement(id=langpacks-ja, reasons=[PayloadRequirementReason(reason='langpacks', strong=False)])), ('package', 'authselect', PayloadRequirement(id=authselect, reasons=[PayloadRequirementReason(reason='Needed by authselect kickstart command & for fingerprint authentication support.', strong=True)])), ('package', 'xfsprogs', PayloadRequirement(id=xfsprogs, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'e2fsprogs', PayloadRequirement(id=e2fsprogs, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'lvm2', PayloadRequirement(id=lvm2, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'grub2', PayloadRequirement(id=grub2, reasons=[PayloadRequirementReason(reason='Necessary for the bootloader configuration.', strong=True)])), ('package', 'grub2-tools', PayloadRequirement(id=grub2-tools, reasons=[PayloadRequirementReason(reason='Necessary for the bootloader configuration.', strong=True)])), ('group', 'platform-vmware', PayloadRequirement(id=platform-vmware, reasons=[PayloadRequirementReason(reason='platform', strong=True)]))]
        05:54:21,073 INF payload.base: Installation requirements: [('package', 'langpacks-ja', PayloadRequirement(id=langpacks-ja, reasons=[PayloadRequirementReason(reason='langpacks', strong=False)])), ('package', 'authselect', PayloadRequirement(id=authselect, reasons=[PayloadRequirementReason(reason='Needed by authselect kickstart command & for fingerprint authentication support.', strong=True)])), ('package', 'xfsprogs', PayloadRequirement(id=xfsprogs, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'e2fsprogs', PayloadRequirement(id=e2fsprogs, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'lvm2', PayloadRequirement(id=lvm2, reasons=[PayloadRequirementReason(reason='Required to manage storage devices.', strong=True)])), ('package', 'grub2', PayloadRequirement(id=grub2, reasons=[PayloadRequirementReason(reason='Necessary for the bootloader configuration.', strong=True)])), ('package', 'grub2-tools', PayloadRequirement(id=grub2-tools, reasons=[PayloadRequirementReason(reason='Necessary for the bootloader configuration.', strong=True)])), ('group', 'platform-vmware', PayloadRequirement(id=platform-vmware, reasons=[PayloadRequirementReason(reason='platform', strong=True)]))]
        05:54:23,121 INF installation: Task started: Authselect configuration (20/44)
        05:54:23,126 INF progress: Authselect configuration
        05:54:23,126 DBG installation: Task completed: Authselect configuration (20/44) (0.0 s)

      // authselect profiles: 

      1. ll /etc/nsswitch.conf
        lrwxrwxrwx. 1 root root 29 May  7  2023 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf
      1. ll /etc/authselect/
        total 40
        rw-rr-. 1 root root   42 May  7  2023 authselect.conf
        drwxr-xr-x. 2 root root    6 Jun 19  2020 custom
        rw-rr-. 1 root root  230 May  7  2023 dconf-db
        rw-rr-. 1 root root  260 May  7  2023 dconf-locks
        rw-rr-. 1 root root 1201 May  7  2023 fingerprint-auth
        rw-rr-. 1 root root 2370 May  7  2023 nsswitch.conf
        rw-rr-. 1 root root 1932 May  7  2023 password-auth
        rw-rr-. 1 root root  393 May  7  2023 postlogin
        rw-rr-. 1 root root   91 May  7  2023 smartcard-auth
        rw-rr-. 1 root root 2004 May  7  2023 system-auth
        rw-rr-. 1 root root 1516 Jun 11  2020 user-nsswitch.conf

       

      What is the impact of this issue to you?

      The authselect profile is not installed by default. Customer has to execute "authselect select <profile> --force" after the installation or add this command to kickstart %post section.

      I confirmed this issue is both seen in RHEL 8 and RHEL 9.

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      Steps to reproduce

      1.  Use the kickstart file which is generated automatically under /root to install a new OS.
      2. After the installation, check the authselect profiles.
      3.  

      Expected results

      There should not be different between the manually installation and the kickstart installation as long as the content of the kickstart is the same.

      Actual results

        1. default_pkgs.tar.gz
          790 kB
        2. minimal_pkgs.tar.gz
          505 kB

              rh-ee-akankovs Adam Kankovsky
              rhn-support-lilhuang Lili Huang
              anaconda-maint-list anaconda-maint-list
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: