[Bug 1081679] [NEW] pam-auth-update needs a way to fine tune the order of the stack

Timo Aaltonen tjaalton at ubuntu.com
Wed Nov 21 16:37:10 UTC 2012


Public bug reported:

libpam-sss needs special features from pam-auth-update, because on the
auth stack pam_sss has to be below pam_unix ("mandated" by upstream, it
had several issues of its own), but on the password stack it needs to
have a higher priority so that it would work properly when pam_cracklib
is installed.

The current config snippet:
..
Priority: 128
Password-Type: Primary
Password:
        sufficient                                      pam_sss.so
Password-Initial:
        sufficient                                      pam_sss.so
..

..had to drop use_authtok from non-initial case (= the default). Here
Password-Initial is basically bogus, since it's never used. This now
breaks when pam_cracklib is installed, since it has the highest priority
and will always be on top. But I had to use what works for the default
install.

Now, I'd suggest adding support for '$STACK-Priority' or such, in this
case 'Password-Priority: 512' which would make it higher than pam_unix
with the default install but still lower than pam_cracklib (1024 iirc),
so both use cases would then work.

Unless this sounds too crackful, I'll try to implement it..

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: libpam-runtime 1.1.3-7ubuntu3
ProcVersionSignature: Ubuntu 3.5.0-18.29-generic 3.5.7
Uname: Linux 3.5.0-18-generic x86_64
ApportVersion: 2.6.1-0ubuntu6
Architecture: amd64
Date: Wed Nov 21 18:12:08 2012
InstallationDate: Installed on 2012-11-07 (14 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=fi_FI.UTF-8
 SHELL=/bin/zsh
SourcePackage: pam
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug quantal running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1081679
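
Added example, not part of the original bug report and not pam-auth-update's own code: a simplified Python model of the ordering the report describes, assuming profiles are sorted by descending priority and only the topmost module in a stack gets its "-Initial" lines. The Profile class, the stack_priority field (standing in for the proposed '$STACK-Priority') and pam_unix's priority of 256 are assumptions; 128, 512 and 1024 are the values named in the report.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    name: str
    priority: int                                   # existing "Priority:" field
    stacks: tuple = ("Auth", "Password")            # stacks the profile contributes to
    stack_priority: dict = field(default_factory=dict)  # proposed "$STACK-Priority"

    def effective(self, stack: str) -> int:
        # A per-stack value, if present, overrides the global Priority.
        return self.stack_priority.get(stack, self.priority)


def build_stack(profiles, stack):
    """Return [(module, variant)] for one stack, highest priority first.

    Only the first module gets its "<Stack>-Initial" lines; every module
    below it gets the plain "<Stack>" lines, the ones that may carry
    use_authtok because an earlier module already collected the token.
    """
    active = [p for p in profiles if stack in p.stacks]
    ordered = sorted(active, key=lambda p: p.effective(stack), reverse=True)
    return [(p.name, f"{stack}-Initial" if i == 0 else stack)
            for i, p in enumerate(ordered)]


# Constructed sample profiles (256 for pam_unix is an assumption).
UNIX = Profile("pam_unix", 256)
CRACKLIB = Profile("pam_cracklib", 1024, stacks=("Password",))
SSS_CURRENT = Profile("pam_sss", 128)
SSS_PROPOSED = Profile("pam_sss", 128, stack_priority={"Password": 512})

if __name__ == "__main__":
    for label, sss in (("current", SSS_CURRENT), ("proposed", SSS_PROPOSED)):
        for extra in ([], [CRACKLIB]):
            profiles = [UNIX, sss] + extra
            tag = label + (" +cracklib" if extra else "")
            print(tag, "Auth:    ", build_stack(profiles, "Auth"))
            print(tag, "Password:", build_stack(profiles, "Password"))
```

With the single Priority of 128, pam_sss never reaches the top of the password stack, so its Password-Initial block is never selected. With the per-stack value it takes Password-Initial on a default install and the plain Password block once pam_cracklib is present, while staying below pam_unix on the auth stack.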
