[Bug 805423] Re: pam_motd needs a module option to disable in-line dynamic updates

Till Klampaeckel 805423 at bugs.launchpad.net
Thu Jul 12 14:30:55 UTC 2012 

I'm on 10.04.4 (latest kernel, everything) and I just spent an entire
work-day debugging pam_motd behavior.

For some reason, one of the scripts fails (defuncts) when I try to log
into a server. Add to that, this server is on EC2 so there is no way to
use the terminal either.

Anyhow – for a sumary I've posted everything here:
http://askubuntu.com/a/162373/11244

The solution was to disable pam_motd in these files:

 /etc/pam.d/sshd
 /etc/pam.d/login

The lack of debugging facilities in here are one of the reasons why this
should be removed period. I don't really care if some people don't get a
pretty MOTD then.

The larger issue here is the potential block of a log in process, which
makes it "severe". There seems to be no way to figure out what exactly
is wrong because you are literally logged out of the instance which is
IMHO unacceptable behavior for an LTS.

There should be at least a timeout which will eventually make the
scripts fail if they cannot complete.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/805423

Title:
  pam_motd needs a module option to disable in-line dynamic updates

Status in “pam” package in Ubuntu:
  Fix Released

Bug description:
  1) lsb_release -rd
  Description:	Ubuntu 10.04.2 LTS
  Release:	10.04

  2)  Installiert: 1.1.1-2ubuntu5.3
    Kandidat: 1.1.1-2ubuntu5.3
    Versions-Tabelle:
   *** 1.1.1-2ubuntu5.3 0
          500 http://de.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
          500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
          100 /var/lib/dpkg/status
       1.1.1-2ubuntu2 0
          500 http://de.archive.ubuntu.com/ubuntu/ lucid/main Packages

  3) Login on systems with high load/a lot of io wait via ssh should
  still be possible.

  4) On servers with high load or a lot of io wait login times out,
  because pam_motd does io intensive calculations. This hurts even more
  when using nagios check_by_ssh. There should be a way to use a cron
  job again (like update-motd did). Logging into a system is more
  important than motd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/805423/+subscriptions

More information about the foundations-bugs mailing list