Bug#169930: marked as done (pam: split common-session file into separate files for interactive (terminal-based) vs. non-interactive (e.g. samba) login sessions)

[Debian Bug Tracking System]

Your message dated Mon, 24 Aug 2009 04:34:12 +0000
with message-id <e1mfrg0-0007rv...@ries.debian.org>
and subject line Bug#169930: fixed in pam 1.0.1-11
has caused the Debian Bug report #169930,
regarding pam: split common-session file into separate files for interactive 
(terminal-based) vs. non-interactive (e.g. samba) login sessions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
169930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=169930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: pam
Version: N/A; reported 2002-11-20
Severity: wishlist

Hi!

I want to suggest a new feature for the whole Debian PAM subsystem:
Introducing system wide used include-files for pam. I vote for four
include files to be contained in libpam0g or another base package
which define kind of a default authorization configuration. They
should be included (current versions of your pam-package contain a
patch which define @include; however, this is neither documented
anywhere, as it seems, nor used anywhere by default) by the default
PAM configuration files of other packages, especially ssh and login.
This would allow much easier and faster configuration of non-standard
authentication schemes like LDAP. You'd only need to modify a single
include files for an entire system instead of one for each package to
enable LDAP.

I'd suggest the following four files:

/etc/pam.d/system-auth.inc
     This would define generic modules for authentication. Default
     contents:
     
     auth required pam_unix.so

/etc/pam.d/system-account.inc
     Nearly the same here but for the task "account":
     Default content:
     
     account required pam_unix.so

/etc/pam.d/system-session.inc
     Nearly the same here but for the task "session":
     
     session required pam_unix.so
     session required pam_limits.so

/etc/pam.d/system-terminal.inc
     Nearly the same as system-session but including modules which
     print to the terminal (pam_motd.so, ...) Should be included by
     ssh and login, but not by samba.
     Default content:
     
     @include system-session.inc
     session optional pam_lastlog.so
     session optional pam_motd.so
     session optional pam_mail.so standard noenv
     
With these four include files /etc/pam.d/ssh would look like the
following:

<snip>
auth required pam_nologin.so
@include system-auth.inc
@include system-account.inc
@include system-terminal.inc
@include system-password.inc
</snip>

Thank you, 
  Lennart Poettering

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux whiskey 2.4.19 #1 Sam Okt 5 23:12:26 CEST 2002 i686
Locale: lang=de...@euro, lc_ctype=de...@euro

--- End Message ---

--- Begin Message ---

Source: pam
Source-Version: 1.0.1-11

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_1.0.1-11_amd64.deb
  to pool/main/p/pam/libpam-cracklib_1.0.1-11_amd64.deb
libpam-doc_1.0.1-11_all.deb
  to pool/main/p/pam/libpam-doc_1.0.1-11_all.deb
libpam-modules_1.0.1-11_amd64.deb
  to pool/main/p/pam/libpam-modules_1.0.1-11_amd64.deb
libpam-runtime_1.0.1-11_all.deb
  to pool/main/p/pam/libpam-runtime_1.0.1-11_all.deb
libpam0g-dev_1.0.1-11_amd64.deb
  to pool/main/p/pam/libpam0g-dev_1.0.1-11_amd64.deb
libpam0g_1.0.1-11_amd64.deb
  to pool/main/p/pam/libpam0g_1.0.1-11_amd64.deb
pam_1.0.1-11.diff.gz
  to pool/main/p/pam/pam_1.0.1-11.diff.gz
pam_1.0.1-11.dsc
  to pool/main/p/pam/pam_1.0.1-11.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 169...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vor...@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 23 Aug 2009 18:07:11 -0700
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib 
libpam-doc
Architecture: source all amd64
Version: 1.0.1-11
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Steve Langasek <vor...@debian.org>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 169930 541094 541108 541399
Changes: 
 pam (1.0.1-11) unstable; urgency=low
 .
   * debian/libpam-runtime.postinst: bump the --force version check to
     1.0.1-11, to allow for a new common-session-noninteractive config file;
     and include md5sum checking logic that will work the same with old
     unmanaged and new managed /etc/pam.d/common-* files.
   * debian/local/common-{auth,account,session,password}.md5sums: document
     the known md5sums for the new managed files.
   * debian/local/common-session-noninteractive{,.md5sums},
     debian/local/pam-auth-update: split out a session-noninteractive include
     file, so that we can at last distinguish between interactive and
     non-interactive PAM sessions at a policy level.  Closes: #169930,
     LP: #287715.
   * debian/local/pam-auth-update: prune md5sums for unsupported upgrade
     paths (intrepid pre-release -> karmic/squeeze)
   * Clean up the PAM mini-policy, which hasn't been touched in a number of
     years and was looking a bit crufty
   * debian/libpam-runtime.templates:  correctly tag the URL as a
     non-translatable string.
   * Updated debconf translations:
     - Swedish, thanks to Martin Bagge <brot...@bsnet.se> (closes: #541399)
     - Portuguese, thanks to Américo Monteiro <a_monte...@netcabo.pt>
       (closes: #541108)
     - Russian, thanks to Yuri Kozlov <yu...@komyakino.ru> (closes: #541094)
Checksums-Sha1: 
 f5ea71acf49c172e95f5daff1737cb8f7a760a72 1476 pam_1.0.1-11.dsc
 7259aa5cd6dc4fc07957ee7aa88c70b29268b9d3 171187 pam_1.0.1-11.diff.gz
 dec3867ee07bcf3cec63931c9b656636e4386051 187844 libpam-runtime_1.0.1-11_all.deb
 90851d1e91815b5c3cfe3c15a2cf645422c82da2 290462 libpam-doc_1.0.1-11_all.deb
 b130bdfd4dd6feb43af8cf92de2335e20094f71d 108024 libpam0g_1.0.1-11_amd64.deb
 c9e52362ccd5824b27f7b0949cc0df532e2f52a5 309954 
libpam-modules_1.0.1-11_amd64.deb
 68dd99011654cda596e7dab163051dcbe7e31966 165008 libpam0g-dev_1.0.1-11_amd64.deb
 a318094b79bfbd7531674488be8878345c62dc00 67558 
libpam-cracklib_1.0.1-11_amd64.deb
Checksums-Sha256: 
 07d575d8b83e565d0be3d4964f935c9f0af388445607d14361644c4699ad01a0 1476 
pam_1.0.1-11.dsc
 a905bdaaa9145cdb96dfe40ab8c058517e5791b1738739af2e5473b8309a26b4 171187 
pam_1.0.1-11.diff.gz
 fe7794e0b5f76e5b20495ee7c75857ca717a671434ee197f57c26e2e9b30cd40 187844 
libpam-runtime_1.0.1-11_all.deb
 dfba45693d950a811d3c583eb6760afe4a4e889f79c470ac57c17234a2fe2150 290462 
libpam-doc_1.0.1-11_all.deb
 dc8d4072b33da29a0185061e50162a3bb2ba2efc34e174d7a782c53cb9aff600 108024 
libpam0g_1.0.1-11_amd64.deb
 19bbe232ab6396738eb807997916bd4a2c7bc1a30099f84bfb516a448a04ab54 309954 
libpam-modules_1.0.1-11_amd64.deb
 c91ad2aa7e499685402488c987d346136dd51bd6c167f51de2d11f7348e51151 165008 
libpam0g-dev_1.0.1-11_amd64.deb
 fd81b079ffbe572b66ed63a011a4f5f7f6962d1e79c2e13373c68a4a24a18b2f 67558 
libpam-cracklib_1.0.1-11_amd64.deb
Files: 
 a52b3d215795e3d055ba534d606979b1 1476 libs optional pam_1.0.1-11.dsc
 9717f6a8a8bf8c65e7c50e7518bef804 171187 libs optional pam_1.0.1-11.diff.gz
 20ce6210e6431681ae53fe0011004ee2 187844 admin required 
libpam-runtime_1.0.1-11_all.deb
 dd9304ce2f8c4a07aa754b8e07eb76be 290462 doc optional 
libpam-doc_1.0.1-11_all.deb
 edfaa433fbda605d340ea213e1ff6561 108024 libs required 
libpam0g_1.0.1-11_amd64.deb
 0812f9187f5678132d7266524a67ae26 309954 admin required 
libpam-modules_1.0.1-11_amd64.deb
 398efcd9442e0a9797840b61f0d3497c 165008 libdevel optional 
libpam0g-dev_1.0.1-11_amd64.deb
 451a43059350cc42fb4e4b2319cf8e97 67558 admin optional 
libpam-cracklib_1.0.1-11_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKkfn/KN6ufymYLloRAunmAJ9RHWvzvD+TY6xDko+6MEuv6f2zOwCgzJ+j
XhvUEcP2ntw0Ym4kiS3+mnI=
=QlDx
-----END PGP SIGNATURE-----

--- End Message ---