Package: libpam-runtime Version: 1.0.1-6 In #566718, the pam-auth-setup configuration for libpam-ccreds is described. It need two entries in common-auth, one to check the password and one to store it in the cache. Both need to be enabled for this to work. At the moment this setup require two separate files in /usr/share/pam-configs/, which allow inconsistent setup if only one of them are enabled.
These are the two files proposed for libpam-ccreds at the moment: Name: Ccreds credential caching - password checking Default: yes Priority: 0 Auth-Type: Primary Auth: [success=end default=ignore] pam_ccreds.so action=validate use_first_pass [default=ignore] pam_ccreds.so action=update Name: Ccreds credential caching - password saving Default: yes Priority: 512 Auth-Type: Additional Auth: optional pam_ccreds.so action=store As far as I know the difference in priority is not significant for ccreds. Would it be possible to allow two auth entries in the same file, one Primary and one Additional, to allow something like this: Name: Ccreds credential caching Default: yes Priority: 0 Auth-Type: Primary Auth: [success=end default=ignore] pam_ccreds.so action=validate use_first_pass [default=ignore] pam_ccreds.so action=update Auth-Type: Additional Auth: optional pam_ccreds.so action=store This way the ccreds setup would be enabled as a block, and it would not be possible to only enable part of it using pam-auth-update. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org