[Bug 1611816] [NEW] pam_cifscreds.so not supplied in package

Launchpad Bug Tracker 1611816 at bugs.launchpad.net
Mon Feb 6 12:42:27 UTC 2017 

You have been subscribed to a public bug by Keith Ward (keithward):

The cifs-utils source package contains the pam_cifscreds.so PAM module;
however, this is not built and supplied in a resulting binary package.
This is necessary functionality for our local managed deployment.

We have worked around this issue by building our own patched version of
the package; however, this is liable to be clobbered by any future
upstream updates. Hence, it would be valuable if our modifications, or
some variant of them, could be adopted upstream.

The changes required are minimal; simply add libpam0g-dev to Build-
Depends, and add some appropriate flags to ./configure in debian/rules
to ensure the requisite library is built and installed in the correct
location.

See attached patch.

## SRU Justification

[Impact]

As David has found, users are currently unable to use the cifscreds PAM
module to unlock credentials at login because existing package doesn't
compile the module along with the rest of the package.

Davids patch adds libpam-0g-dev to the Build depends, and amends the
debian rules file so that the PAM module is built along with the rest of
the application and installed into the correct location.

I'm requesting this to be backported to the existing releases, this change is a 
feature which is highly desired in managed deployments, the changes are minimal and as this patch only adds functionality and is largely unobtrusive I see no reason for the Ubuntu community to benefit from its inclusion considering the regression potential is minimal.

This feature has been added to Zesty already as part of the merge done
in LP: #1660372.

[Test Case]

Install the package and check for the existance of the PAM module at:
 /lib/x86_64-linux-gnu/security/pam_cifscreds.so

At present this file is missing as it isn't compiled along with the rest
of the package.

[Regression Potential]

I've been testing this myself on a number of systems and have discovered
no issues as yet, with this patch the supplied module is built and
placed into the correct location, as is the manpage, and both perform as
intended.

This change has an overall low chance of regression as it's only adding
functionality should already be there.

The only regression I could think of is that for some reason the patch
could result in some of the other binaries being linked against PAM (and
potentially have their behavior changed) as a result of the addition of
PAM, but I find this extremely unlikely, and I have verified that PAM
isn't linked to except for pam_cifscreds.so so I find the possibility of
this happening negligible.

Documentation for the feature is provided as a manpage and is
distributed along with the updated package.

** Affects: cifs-utils (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: cifs-utils (Ubuntu Xenial)
     Importance: Undecided
     Assignee: Keith Ward (keithward)
         Status: In Progress

** Affects: cifs-utils (Ubuntu Yakkety)
     Importance: Undecided
     Assignee: Keith Ward (keithward)
         Status: In Progress

** Affects: cifs-utils (Ubuntu Zesty)
     Importance: Undecided
         Status: Fix Released

** Affects: cifs-utils (Debian)
     Importance: Unknown
         Status: Fix Released


** Tags: patch
-- 
pam_cifscreds.so not supplied in package
https://bugs.launchpad.net/bugs/1611816
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list