[Bug 1611816] Re: pam_cifscreds.so not supplied in package
Brian Murray
brian at ubuntu.com
Tue Feb 28 22:03:06 UTC 2017
I've uploaded this to the SRU queues for review by the SRU team.
Thanks!
** Changed in: cifs-utils (Ubuntu Yakkety)
Status: Confirmed => In Progress
** Changed in: cifs-utils (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: cifs-utils (Ubuntu Yakkety)
Assignee: (unassigned) => Brian Murray (brian-murray)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1611816
Title:
pam_cifscreds.so not supplied in package
Status in cifs-utils package in Ubuntu:
Fix Released
Status in cifs-utils source package in Xenial:
In Progress
Status in cifs-utils source package in Yakkety:
In Progress
Status in cifs-utils source package in Zesty:
Fix Released
Status in cifs-utils package in Debian:
Fix Released
Bug description:
The cifs-utils source package contains the pam_cifscreds.so PAM
module; however, this is not built and supplied in a resulting binary
package. This is necessary functionality for our local managed
deployment.
We have worked around this issue by building our own patched version
of the package; however, this is liable to be clobbered by any future
upstream updates. Hence, it would be valuable if our modifications, or
some variant of them, could be adopted upstream.
The changes required are minimal; simply add libpam0g-dev to Build-
Depends, and add some appropriate flags to ./configure in debian/rules
to ensure the requisite library is built and installed in the correct
location.
See attached patch.
## SRU Justification
[Impact]
As David has found, users are currently unable to use the cifscreds
PAM module to unlock credentials at login because existing package
doesn't compile the module along with the rest of the package.
Davids patch adds libpam-0g-dev to the Build depends, and amends the
debian rules file so that the PAM module is built along with the rest
of the application and installed into the correct location.
I'm requesting this to be backported to the existing releases, this change is a
feature which is highly desired in managed deployments, the changes are minimal and as this patch only adds functionality and is largely unobtrusive I see no reason for the Ubuntu community to benefit from its inclusion considering the regression potential is minimal.
This feature has been added to Zesty already as part of the merge done
in LP: #1660372.
[Test Case]
Install the package and check for the existance of the PAM module at:
/lib/x86_64-linux-gnu/security/pam_cifscreds.so
At present this file is missing as it isn't compiled along with the
rest of the package.
[Regression Potential]
I've been testing this myself on a number of systems and have
discovered no issues as yet, with this patch the supplied module is
built and placed into the correct location, as is the manpage, and
both perform as intended.
This change has an overall low chance of regression as it's only
adding functionality should already be there.
The only regression I could think of is that for some reason the patch
could result in some of the other binaries being linked against PAM
(and potentially have their behavior changed) as a result of the
addition of PAM, but I find this extremely unlikely, and I have
verified that PAM isn't linked to except for pam_cifscreds.so so I
find the possibility of this happening negligible.
Documentation for the feature is provided as a manpage and is
distributed along with the updated package.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1611816/+subscriptions
More information about the Ubuntu-sponsors
mailing list