[Bug 624715] Re: pam_group is not idempotent
Steve Langasek
steve.langasek at canonical.com
Tue Jun 7 08:26:10 UTC 2011
This is one of the many problems with the pam_group module that
contribute to it not being recommended as a means of providing
conditional access on login: it has been all but superseded by
pam_consolekit for the standard use cases. So while I'm confirming this
bug report, please understand that it is unlikely that the Ubuntu
developers will work on fixing it.
** Changed in: pam (Ubuntu)
Importance: Undecided => Low
** Changed in: pam (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/624715
Title:
pam_group is not idempotent
Status in “pam” package in Ubuntu:
Triaged
Bug description:
If pam_group appears twice in various pam.d files (eg added to common-
auth and still present in login), it will add the user to those groups
a second time.
Actually, the extent of the problem is worse than that — if the user
is already a member of a group, they're still added a second time,
indicating that no checking is done at all!
This is definitely a pain when using NFSv3, as it has a limit of 16
supplementary groups.
More information about the foundations-bugs
mailing list