[Bug 2064350] Re: pam_userdb.so is missing
Dan Bungert
2064350 at bugs.launchpad.net
Wed May 1 20:15:19 UTC 2024
** Description changed:
+ [ Impact ]
+
+ * In the process of bootstrapping pam for time_t, libdb-dev was
+ deliberately removed in salsa commit 65621d8 to allow libdb-dev to
+ undergo time_t transition.
+ * The result of that is no pam_userdb.so in libpam-modules
+ * The fix takes the form of correcting a build dependency, which
+ results in pam_userdb.so being again available.
+
+ [ Test Plan ]
+
+ * regression
+ * obtain a noble test system - I personally used a noble chroot
+ * adjust apt sources and ensure noble-proposed is present
+ * install libpam-modules 1.5.3-5ubuntu5.1
+ * login to the test machine with appropriate credentials - the
+ literal `login` command is useful here
+ * userdb functionality
+ * start with the same test machine from the regression test
+ * install db5.3-util
+ * modify /etc/pam.d/login to comment out all `auth` lines, and add
+ this instead
+ ```
+ auth requisite pam_userdb.so db=/etc/dbtest
+ ```
+ * create a textfile named `input` that looks like
+ ```
+ your_username
+ test_password - different than /etc/shadow
+ ```
+ * `db5.3_load -T -f input -t hash /etc/dbtest.db`
+ * login to the test machine with your_username and the
+ test_password - the literal `login` command is useful here
+
+ [ Where problems could occur ]
+
+ * As usual, no SRU has zero risk
+ * Any change to pam risks problems in user logins failing, so a
+ basic regression test has been provided
+
+ [ Other Info ]
+
+ * None at this time
+
+ original description follows
+ ---
+
The file is missing from libpam-modules.
This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so
Log:
vsftpd: PAM unable to dlopen(pam_userdb.so): /usr/lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
vsftpd: PAM adding faulty module: pam_userdb.so
Apparently there was a change which removed this in the past, and it
might be the removal has not been undone, while the package has been
released nevertheless.
http://changelogs.ubuntu.com/changelogs/pool/main/p/pam/pam_1.5.3-5ubuntu5/changelog
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
-
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy libpam-modules
libpam-modules:
- Installed: 1.5.3-5ubuntu5
- Candidate: 1.5.3-5ubuntu5
- Version table:
- *** 1.5.3-5ubuntu5 500
- 500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
- 100 /var/lib/dpkg/status
+ Installed: 1.5.3-5ubuntu5
+ Candidate: 1.5.3-5ubuntu5
+ Version table:
+ *** 1.5.3-5ubuntu5 500
+ 500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
+ 100 /var/lib/dpkg/status
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2064350
Title:
pam_userdb.so is missing
Status in pam package in Ubuntu:
In Progress
Status in pam source package in Noble:
New
Status in pam package in Debian:
Fix Released
Bug description:
[ Impact ]
* In the process of bootstrapping pam for time_t, libdb-dev was
deliberately removed in salsa commit 65621d8 to allow libdb-dev to
undergo time_t transition.
* The result of that is no pam_userdb.so in libpam-modules
* The fix takes the form of correcting a build dependency, which
results in pam_userdb.so being again available.
[ Test Plan ]
* regression
* obtain a noble test system - I personally used a noble chroot
* adjust apt sources and ensure noble-proposed is present
* install libpam-modules 1.5.3-5ubuntu5.1
* login to the test machine with appropriate credentials - the
literal `login` command is useful here
* userdb functionality
* start with the same test machine from the regression test
* install db5.3-util
* modify /etc/pam.d/login to comment out all `auth` lines, and add
this instead
```
auth requisite pam_userdb.so db=/etc/dbtest
```
* create a textfile named `input` that looks like
```
your_username
test_password - different than /etc/shadow
```
* `db5.3_load -T -f input -t hash /etc/dbtest.db`
* login to the test machine with your_username and the
test_password - the literal `login` command is useful here
[ Where problems could occur ]
* As usual, no SRU has zero risk
* Any change to pam risks problems in user logins failing, so a
basic regression test has been provided
[ Other Info ]
* None at this time
original description follows
---
The file is missing from libpam-modules.
This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so
Log:
vsftpd: PAM unable to dlopen(pam_userdb.so): /usr/lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
vsftpd: PAM adding faulty module: pam_userdb.so
Apparently there was a change which removed this in the past, and it
might be the removal has not been undone, while the package has been
released nevertheless.
http://changelogs.ubuntu.com/changelogs/pool/main/p/pam/pam_1.5.3-5ubuntu5/changelog
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy libpam-modules
libpam-modules:
Installed: 1.5.3-5ubuntu5
Candidate: 1.5.3-5ubuntu5
Version table:
*** 1.5.3-5ubuntu5 500
500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2064350/+subscriptions
More information about the foundations-bugs
mailing list