[Bug 1081679] Re: pam-auth-update needs a way to fine tune the order of the stack

Timo Aaltonen tjaalton at ubuntu.com
Wed Nov 21 16:40:20 UTC 2012 

then again, why can't a package ship two snippets where the other only
does the password stack with a higher priority..

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1081679

Title:
  pam-auth-update needs a way to fine tune the order of the stack

Status in “pam” package in Ubuntu:
  New

Bug description:
  libpam-sss needs special features from pam-auth-update, because on the
  auth stack pam_sss has to be below pam_unix ("mandated" by upstream,
  it had several issues of it's own), but on the password stack it needs
  to have a higher priority so that it would work properly when
  pam_cracklib is installed.

  The current config snippet:
  ..
  Priority: 128
  Password-Type: Primary
  Password:
          sufficient                                      pam_sss.so
  Password-Initial:
          sufficient                                      pam_sss.so
  ..

  ..had to drop use_authtok from non-initial case (= the default). Here
  Password-Initial is basically bogus, since it's never used. This now
  breaks when pam_cracklib is installed, since it has the highest
  priority and will always be on top. But I had to use what works for
  the default install.

  Now, I'd suggest adding support for '$STACK-Priority' or such, in this
  case 'Password-Priority: 512' which would make it higher than pam_unix
  with the default install but still lower than pam_cracklib (1024
  iirc), so both use cases would then work.

  unless this sounds too crackful, I'll try to implement it..

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: libpam-runtime 1.1.3-7ubuntu3
  ProcVersionSignature: Ubuntu 3.5.0-18.29-generic 3.5.7
  Uname: Linux 3.5.0-18-generic x86_64
  ApportVersion: 2.6.1-0ubuntu6
  Architecture: amd64
  Date: Wed Nov 21 18:12:08 2012
  InstallationDate: Installed on 2012-11-07 (14 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  MarkForUpload: True
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=fi_FI.UTF-8
   SHELL=/bin/zsh
  SourcePackage: pam
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1081679/+subscriptions

More information about the foundations-bugs mailing list