Package: libpam-modules Version: 1.1.8-3.8 Severity: normal Because /usr/share/pam-configs/mkhomedir specifies "Priority: 0", if you enable it using `sudo pam-auth-update` pam_mkhomedir.so will become the last module listed in /etc/pam.d/common-session, meaning it will run after all other enabled modules.
This can cause problems if any of the other session modules assume that the home directory already exists. Even worse, if another session module recursively creates a directory in the home directory it needs, pam_mkhomedir.so will believe that the home directory was set up already, and no files will be copied from the skeleton directory. In my case I hit the problem with libpam-mount, which has "Priority: 128", so changing /usr/share/pam-configs/mkhomedir to anything above that would solve the issue for me. However, after looking at the "Priority" field of all pam-configs with "Session-Type: Additional" in Debian [1] I found that the module with the highest priority which should propably run after mkhomedir is libpam-script with "Priority: 257"... I also found that "plinth" include /usr/share/pam-configs/mkhomedir-freedombox with "Priority: 900". Maybe that is a suitable priority for mkhomedir as well. [1]: libpam-afs-session: /usr/share/pam-configs/afs-session Priority: 64 libpam-cgfs: /usr/share/pam-configs/cgfs Priority: 0 libpam-cgm: /usr/share/pam-configs/cgm Priority: 0 libpam-ck-connector: /usr/share/pam-configs/consolekit Priority: 0 ecryptfs-utils: /usr/share/pam-configs/ecryptfs-utils Priority: 0 debian-edu-config: /usr/share/pam-configs/edu-umask Priority: 0 libpam-fscrypt: /usr/share/pam-configs/fscrypt Priority: 0 libpam-heimdal: /usr/share/pam-configs/krb5 Priority: 704 libpam-krb5: /usr/share/pam-configs/krb5 Priority: 704 libpam-ldap: /usr/share/pam-configs/ldap Priority: 128 libpam-ldapd: /usr/share/pam-configs/ldap Priority: 128 libpam-mount: /usr/share/pam-configs/libpam-mount Priority: 128 libpam-modules: /usr/share/pam-configs/mkhomedir Priority: 0 plinth: /usr/share/pam-configs/mkhomedir-freedombox Priority: 900 libpam-mklocaluser: /usr/share/pam-configs/mklocaluser Priority: 0 libpam-script: /usr/share/pam-configs/pam_script Priority: 257 libpam-snapper: /usr/share/pam-configs/snapper Priority: 0 libpam-ssh: /usr/share/pam-configs/ssh Priority: 64 libpam-sss: /usr/share/pam-configs/sss Priority: 128 libpam-systemd: /usr/share/pam-configs/systemd Priority: 0 libpam-tacplus: /usr/share/pam-configs/tacplus Priority: 257 libpam-tmpdir: /usr/share/pam-configs/tmpdir Priority: 0 libpam-runtime: /usr/share/pam-configs/unix Priority: 256 libpam-winbind: /usr/share/pam-configs/winbind Priority: 192