[Bug 610774] Re: pam-auth-update profile for pam-group missing

Steve Langasek steve.langasek at canonical.com
Wed Jun 8 15:49:46 UTC 2011


The pam_group module is generally regarded as a legacy method for
granting users access to resources at login, because when granted this
way it is very difficult to revoke them afterwards.  So the generally
recommended way to grant specific resource access to users at login is
with pam_consolekit or by statically adding the users to the groups you
want them to be in.

Thus, since pam_group use for this is not generally encouraged, we don't
want to provide a pam profile to make it easier for users to enable
pam_group's use.  You can always edit your pam config by hand to add the
module if you really need it.

** Changed in: pam (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/610774

Title:
  pam-auth-update profile for pam-group missing

Status in “pam” package in Ubuntu:
  Won't Fix

Bug description:
  Binary package hint: libpam-runtime

  There is no pam-auth-update profile for pam_group.so

  This makes it very difficult to actually make use of pam_group.so
  because even if I add it to /etc/pam.d/common-auth I cannot make use
  of pam-auth-update any more. This means that instead of relying on
  pam-auth-update to manage my PAM stack I will have to do it all
  manually once I start using pam_group.so

  IMHO pam-auth-update is a great invention and I hope that it will soon
  become the standard tool for this task. However, a logical consequence
  of inventing pam-auth-update is in my opinion to supply profiles for
  common PAM modules.

  I would therefore like to suggest breaking out pam_group.so from
  libpam-runtime into a package of its own (libpam-group) which would
  bring the PAM module and the corresponding pam-auth-update profile.

  A user wishing to use pam_group.so would then be able to simply
  install libpam-group and have the pam_group.so module enabled
  automatically through pam-auth-update in the postinst script of
  libpam-group.
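
An added example, not part of the original message or of the Ubuntu pam package: a small audit that reports whether pam_group.so is active in a PAM stack and which groups group.conf hands out at login, so those dynamic grants can be reviewed or replaced with static group membership. The sample file contents and the function names are constructed for illustration; the rule layout (services; ttys; users; times; groups) is the standard group.conf format.

```python
import re
# Constructed sample file contents (not taken from the bug report).
SAMPLE_PAM = """\
auth  requisite  pam_deny.so
auth  optional   pam_group.so
#auth optional   pam_group.so use_first_pass
"""
SAMPLE_GROUP_CONF = """\
# services; ttys; users; times; groups
login; tty*; *; Al0000-2400; audio, video
xsh; *; alice|bob; \\
    Wk0800-1800; floppy plugdev
"""
FIELDS = ("services", "ttys", "users", "times", "groups")

def pam_group_lines(pam_text):
    """Return (line_no, text) for active PAM lines that load pam_group.so."""
    hits = []
    for n, line in enumerate(pam_text.splitlines(), 1):
        active = line.split("#", 1)[0]  # drop comments
        if re.search(r"(^|[\s/])pam_group\.so(\s|$)", active):
            hits.append((n, active.strip()))
    return hits

def parse_group_conf(text):
    """Parse group.conf rules into dicts keyed by FIELDS."""
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != 5:
            raise ValueError(f"malformed group.conf rule: {line!r}")
        rule = dict(zip(FIELDS, fields))
        rule["groups"] = re.split(r"[,\s]+", rule["groups"])
        rules.append(rule)
    return rules

def audit(pam_text, conf_text):
    """Map each group granted at login to the user patterns receiving it."""
    if not pam_group_lines(pam_text):
        return {}  # module not active: group.conf has no effect
    granted = {}
    for r in parse_group_conf(conf_text):
        for g in r["groups"]:
            granted.setdefault(g, []).append(r["users"])
    return granted
```
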



