Package: libpam-runtime
Version: 1.1.1-4
Severity: normal
Tags: patch
Hi,
I have this line in my pam config:
$ grep passwdqc /etc/pam.d/common-password
password requisite pam_passwdqc.so random=32
min=disabled,8,8,7,7 enforce=users
If I run pam-auth-update, the options are reordered:
$ sudo pam-auth-update
$ grep passwdqc /etc/pam.d/common-password
password requisite pam_passwdqc.so random=32
enforce=users min=disabled,8,8,7,7
Each time I run it, I get a random permutation:
$ sudo pam-auth-update
$ md5sum common-password
64243ec2bed901c9062f23e4757c14b2 common-password
$ sudo pam-auth-update
$ md5sum common-password
28ec1dc99e396347ba1ad7123a914fc6 common-password
This causes unnecessary churn in e.g. etckeeper or any other version
control system being used for /etc. Please consider the attached
patch which sorts the options, making pam-auth-update output stable
for two subsequent runs.
-jim
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (990, 'stable'), (80, 'testing'), (50, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.34-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libpam-runtime depends on:
ii debconf 1.5.24 Debian configuration management sy
ii libpam-modules 1.1.1-4 Pluggable Authentication Modules f
libpam-runtime recommends no packages.
libpam-runtime suggests no packages.
-- debconf information:
libpam-runtime/conflicts:
libpam-runtime/no_profiles_chosen:
libpam-runtime/you-had-no-auth:
libpam-runtime/override: false
* libpam-runtime/profiles: passwdqc, unix, capability
--- /usr/sbin/pam-auth-update 2010-08-23 16:07:41.000000000 -0400
+++ /tmp/pam-auth-update 2010-08-23 16:07:36.000000000 -0400
@@ -271,7 +271,7 @@
$i--;
}
}
- return $modline . " " . join(' ',@opts,keys(%{$adds})) . "\n";
+ return $modline . " " . join(' ',@opts,sort keys(%{$adds})) . "\n";
}
# return the lines for a given config name, type, and position in the stack