Bug#782554: libpam-ldapd: pam-configs/ldap should consult /etc/login.defs for UID_MIN setting

2015-04-16 Thread Arthur de Jong 
On Tue, 2015-04-14 at 15:28 +0930, Phil Nitschke wrote:
> We inherited a legacy system where user's UIDs are less than 1000.
> We set the UID_MIN value in /etc/login.defs, but whenever libpam-ldapd is
> updated, it specifies minimum_uid=1000 and users cannot log in.

I also manage a legacy system with uid below 1000. We have made
modifications to minimum_uid in /etc/pam.d/common-* and have not seen
any changes on upgrades. The pam-auth-update command is supposed to keep
manual changes to those files intact.

> I suggest having the postinst script run a couple tests, e.g.
> 
> MINUID=`grep "^UID_MIN" /etc/login.defs | awk '{print $2}'`
> 
> Then if $MINUID != 1000, use it to update the values in /usr/share/pam-
> configs/ldap, prior to running pam-auth-update.

I don't think the postinst is allowed to modify files under /usr so this
would quickly turn into something ugly with a symlink.

Perhaps it is possible to modify minimum_uid in /etc/pam.d/common-* from
the postinst but this also sounds very fragile to me.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --


signature.asc
Description: This is a digitally signed message part

Bug#782554: libpam-ldapd: pam-configs/ldap should consult /etc/login.defs for UID_MIN setting

2015-04-13 Thread Phil Nitschke 
Package: libpam-ldapd
Version: 0.9.5-1
Severity: normal

Dear Maintainer,

We inherited a legacy system where user's UIDs are less than 1000.
We set the UID_MIN value in /etc/login.defs, but whenever libpam-ldapd is
updated, it specifies minimum_uid=1000 and users cannot log in.

I suggest having the postinst script run a couple tests, e.g.

MINUID=`grep "^UID_MIN" /etc/login.defs | awk '{print $2}'`

Then if $MINUID != 1000, use it to update the values in /usr/share/pam-
configs/ldap, prior to running pam-auth-update.

Thanks!



-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-ldapd depends on:
ii  libc6  2.19-17
ii  libpam-runtime 1.1.8-3.1
ii  libpam0g   1.1.8-3.1
ii  multiarch-support  2.19-17
ii  nslcd [nslcd-2]0.9.5-1

libpam-ldapd recommends no packages.

libpam-ldapd suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org