Package: libpam-modules
Version: 1.1.8-3.8
Severity: normal

Because /usr/share/pam-configs/mkhomedir specifies "Priority: 0", if you
enable it using `sudo pam-auth-update`, pam_mkhomedir.so will become the
last module listed in /etc/pam.d/common-session, meaning it will run after
all other enabled modules.

This can cause problems if any of the other session modules assume that
the home directory already exists. Even worse, if another session module
recursively creates a directory in the home directory it needs,
pam_mkhomedir.so will believe that the home directory was set up already,
and no files will be copied from the skeleton directory.

In my case I hit the problem with libpam-mount, which has "Priority: 128",
so changing /usr/share/pam-configs/mkhomedir to anything above that would
solve the issue for me. However, after looking at the "Priority" field of
all pam-configs with "Session-Type: Additional" in Debian [1] I found that
the module with the highest priority which should probably run after
mkhomedir is libpam-script with "Priority: 257"...

I also found that "plinth" includes /usr/share/pam-configs/mkhomedir-freedombox
with "Priority: 900". Maybe that is a suitable priority for mkhomedir as well.


[1]:
libpam-afs-session: /usr/share/pam-configs/afs-session
    Priority: 64
libpam-cgfs: /usr/share/pam-configs/cgfs
    Priority: 0
libpam-cgm: /usr/share/pam-configs/cgm
    Priority: 0
libpam-ck-connector: /usr/share/pam-configs/consolekit
    Priority: 0
ecryptfs-utils: /usr/share/pam-configs/ecryptfs-utils
    Priority: 0
debian-edu-config: /usr/share/pam-configs/edu-umask
    Priority: 0
libpam-fscrypt: /usr/share/pam-configs/fscrypt
    Priority: 0
libpam-heimdal: /usr/share/pam-configs/krb5
    Priority: 704
libpam-krb5: /usr/share/pam-configs/krb5
    Priority: 704
libpam-ldap: /usr/share/pam-configs/ldap
    Priority: 128
libpam-ldapd: /usr/share/pam-configs/ldap
    Priority: 128
libpam-mount: /usr/share/pam-configs/libpam-mount
    Priority: 128
libpam-modules: /usr/share/pam-configs/mkhomedir
    Priority: 0
plinth: /usr/share/pam-configs/mkhomedir-freedombox
    Priority: 900
libpam-mklocaluser: /usr/share/pam-configs/mklocaluser
    Priority: 0
libpam-script: /usr/share/pam-configs/pam_script
    Priority: 257
libpam-snapper: /usr/share/pam-configs/snapper
    Priority: 0
libpam-ssh: /usr/share/pam-configs/ssh
    Priority: 64
libpam-sss: /usr/share/pam-configs/sss
    Priority: 128
libpam-systemd: /usr/share/pam-configs/systemd
    Priority: 0
libpam-tacplus: /usr/share/pam-configs/tacplus
    Priority: 257
libpam-tmpdir: /usr/share/pam-configs/tmpdir
    Priority: 0
libpam-runtime: /usr/share/pam-configs/unix
    Priority: 256
libpam-winbind: /usr/share/pam-configs/winbind
    Priority: 192
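
The ordering problem described in this report can be checked mechanically. The following is an added example, not part of the original report or of pam-auth-update: it parses profiles in the pam-configs field format and lists which "Session-Type: Additional" profiles sort ahead of mkhomedir. It assumes, as the report describes, that a higher Priority places a module earlier in common-session; the sample profiles and the helper names are constructed for illustration.

```python
# Constructed sample profiles in the pam-configs field format. The Priority
# values are the ones quoted in the report; the Name fields are made up.
def _profile(name, priority, module):
    return (f"Name: {name} (constructed sample)\nDefault: yes\n"
            f"Priority: {priority}\nSession-Type: Additional\n"
            f"Session:\n\toptional\t{module}\n")

SAMPLE_PROFILES = {
    "mkhomedir": _profile("mkhomedir", 0, "pam_mkhomedir.so"),
    "libpam-mount": _profile("libpam-mount", 128, "pam_mount.so"),
    "pam_script": _profile("pam_script", 257, "pam_script.so"),
    "unix": _profile("unix", 256, "pam_unix.so"),
    "systemd": _profile("systemd", 0, "pam_systemd.so"),
}

def parse_profile(text):
    """Parse 'Field: value' lines; indented lines continue the previous field."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] = (fields[key] + "\n" + line.strip()).strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def session_order_report(profiles, target="mkhomedir", priority=None):
    """Return (earlier, tied): session profiles that sort ahead of `target`,
    and those sharing its Priority, whose relative order Priority alone
    does not decide. `priority` overrides the target's value (what-if)."""
    parsed = {name: parse_profile(text) for name, text in profiles.items()}
    session = {name: int(f["Priority"]) for name, f in parsed.items()
               if f.get("Session-Type") == "Additional"}
    mine = session[target] if priority is None else priority
    others = {n: p for n, p in session.items() if n != target}
    earlier = sorted((n for n, p in others.items() if p > mine),
                     key=lambda n: -others[n])
    tied = sorted(n for n, p in others.items() if p == mine)
    return earlier, tied

if __name__ == "__main__":
    for prio in (None, 900):
        earlier, tied = session_order_report(SAMPLE_PROFILES, priority=prio)
        label = "shipped Priority" if prio is None else f"Priority {prio}"
        print(f"{label}: runs before mkhomedir: {earlier}; same tier: {tied}")
```

On a real system the same functions can be fed the contents of the files under /usr/share/pam-configs/ instead of the constructed samples.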
