>>>>> "Chris" == Chris Hofstaedtler <[email protected]> writes:
Chris> On Tue, Jun 16, 2026 at 12:44:05AM +0200, Guillem Jover wrote:
>> IMO, util-linux should revert the specific breaking change,
Chris> u-l -5 removed the usage of `include`, so `su -l` works
Chris> again. However it seems we were "lucky" that u-l exposed
Chris> this problem. Imagine other packages would have switched
Chris> first, then we'd now have a lot more packages installing
Chris> files into /usr/lib/pam.d.
Yes!
I really appreciate your help on this, and I deeply regret that I missed
the text in the man page.
Current state:
* dh_installpam is installing to /etc/pam.d
* PAM has been fixed to support /usr/lib/pam.d including include support
* There is an RC bug open on pam to figure out any next steps.
I have a patch that logs an error on the use of /usr/lib/pam.d. That's
kind of a big hammer, and I want to reread my 2023 reasoning and double
check that's the right answer for Debian before releasing that patch. I
plan to pull out the documentation from pam.7 and close the RC bug at
that point. By the beginning of July, I plan to move forward on a more
permanent direction--one of:
* Add the log call on use of /usr/lib/pam.d (with a way for downstreams
to turn it off at build time)
* Have a clear set of questions for debian-devel
* Restore the text in pam.7 and update the mini-policy to allow for
installing in /usr/lib/pam.d
signature.asc
Description: PGP signature
