pam-auth-update fails to enable Default: yes profiles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Ubuntu) |
Fix Released
|
Medium
|
Steve Langasek | ||
Intrepid |
Invalid
|
Medium
|
Unassigned |
Bug Description
In certain circumstances, pam-auth-update ignores the Default: lines in profiles newly arrived in /usr/share/
In particular, when the file /var/lib/pam/seen is absent it is treated effectively as if it contained every possible name. When in addition libpam-
This situation arises for me when I have modifications to /etc/pam.
I've attached a patch to the pam-auth-update in 1.0.1-4ubuntu5 that causes /var/lib/pam/seen to be treated as empty if it is absent, which seems like the right behavior and fixes this error case.
Related branches
Changed in pam: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
As a separate issue that hasn't bitten me but that I saw while editing the code, if some profiles were previously selected but all of them have now disappeared then we should presumably enter the same "use all the defaults" fallback that we do if no profiles were selected. The present version doesn't. Here's a patch (applying after the previous one) to make it do so.