Bug#782554: libpam-ldapd: pam-configs/ldap should consult /etc/login.defs for UID_MIN setting
On Tue, 2015-04-14 at 15:28 +0930, Phil Nitschke wrote: > We inherited a legacy system where user's UIDs are less than 1000. > We set the UID_MIN value in /etc/login.defs, but whenever libpam-ldapd is > updated, it specifies minimum_uid=1000 and users cannot log in. I also manage a legacy system with uid below 1000. We have made modifications to minimum_uid in /etc/pam.d/common-* and have not seen any changes on upgrades. The pam-auth-update command is supposed to keep manual changes to those files intact. > I suggest having the postinst script run a couple tests, e.g. > > MINUID=`grep "^UID_MIN" /etc/login.defs | awk '{print $2}'` > > Then if $MINUID != 1000, use it to update the values in /usr/share/pam- > configs/ldap, prior to running pam-auth-update. I don't think the postinst is allowed to modify files under /usr so this would quickly turn into something ugly with a symlink. Perhaps it is possible to modify minimum_uid in /etc/pam.d/common-* from the postinst but this also sounds very fragile to me. Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#782554: libpam-ldapd: pam-configs/ldap should consult /etc/login.defs for UID_MIN setting
Package: libpam-ldapd Version: 0.9.5-1 Severity: normal Dear Maintainer, We inherited a legacy system where user's UIDs are less than 1000. We set the UID_MIN value in /etc/login.defs, but whenever libpam-ldapd is updated, it specifies minimum_uid=1000 and users cannot log in. I suggest having the postinst script run a couple tests, e.g. MINUID=`grep "^UID_MIN" /etc/login.defs | awk '{print $2}'` Then if $MINUID != 1000, use it to update the values in /usr/share/pam- configs/ldap, prior to running pam-auth-update. Thanks! -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-ldapd depends on: ii libc6 2.19-17 ii libpam-runtime 1.1.8-3.1 ii libpam0g 1.1.8-3.1 ii multiarch-support 2.19-17 ii nslcd [nslcd-2]0.9.5-1 libpam-ldapd recommends no packages. libpam-ldapd suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org