Hello there,
I found this bug on bugs.d.o and wondered about it, too.
/var/log/auth.log is complaining about the missing scripts.
>> can not stat /usr/share/libpam-script/pam_script_ses_open
>> can not stat /usr/share/libpam-script/pam_script_auth
>> can not stat /usr/share/libpam-script/pam_script_acct
Journalctl is even worse, it prints out these "messages" with priority 3
("ERROR") in the color red. There are no messages with lower priority on
my system - even when something badly goes wrong.
>> Can one somehow make it stop invoking those scripts?
> I wonder how you got this package. If you don't use it I would recommend
> to remove it.
> If you do need to execute scripts it would be best to create the files or
> symlink them like described in the README.Debian file.
Truely: Do you ALWAYS use all possible scripts?
I created the scripts I need (ses_open and ses_close), but don't need auth,
acct and passwd.
libpam-script/README.pam_script says:
The scripts can be symbolic links or not exist at all as the case may
be.
and
The scripts must return an exit value of 0 if successful with
regards to its purpose; else return a non-zero exit value. The
pam_script.so module does not interpret non-zero values as anything else
except as the appropriate failure for the given module-type.
With that in mind I don't want to mess around with "sufficient"-PAM-scripts
that I don't need,
instead I just want to take care of those things I really want. Of course an
unneeded "sufficient"
or "optional" script safely should fail with a non-zero exit-code, but for that
you must have a
smell of how PAM works and it's not friendly for newbies.
IMO a high priority "debug (7)" message or even "info (6)" would be helpfull in
case you really
"forgot" creating a symlink, but for shure it's no "error" (priority 3) if an
unneeded file is
missing.
Christian
