[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
...sorry ^^^ - %s/debconf-get-selections/debconf-set-selections/ of course :-) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in dpkg package in Ubuntu: Confirmed Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
This VERY ugly hack works on Ubuntu 18.04... -- /usr/share/pam-config/mkhomedir - Default: yes Priority: 0 Session-Type: Additional Session: required pam_mkhomedir.so skel=/etc/skel umask=0027 apt-get install debconf-utils echo libpam-runtime libpam-runtime/profiles multiselect mkhomedir | debconf-get-selections rm /var/lib/pam/seen rm /etc/pam.d/common-* DEBIAN_FRONTEND=noninteractive pam-auth-update --force -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in dpkg package in Ubuntu: Confirmed Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: dpkg (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in dpkg package in Ubuntu: Confirmed Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
** Also affects: dpkg (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in dpkg package in Ubuntu: New Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
Just come up against this issue whilst trying to automate deployments via puppet. Can we please get some feedback/movement on this issue from someone? This make RedHats authconfig look sleek and polished! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
Same issue in #6 with Xenial. Same chef cookbook that works on 14.04 doesn't work on 16.04 because of the "seen" issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
For those trying to non-interactively enable mkhomedir module, here's what I did: sed -i '/mkhomedir/d' /var/lib/pam/seen pam-auth-update --package After running pam-auth-update, mkhomedir was present in /etc/pam.d /common-session. Found this solution here https://ubuntuforums.org/showthread.php?t=2278852 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
It seems to be impossible to manage some pam auth settings non- interactively due to this bug. For example, I want to fetch user/group info from LDAP on a server so I install 'libnss-ldap'. This automatically enables ldap authentication in PAM (this already seems like a bad idea) which I don't want, I just want the user/group info available. My first attempt to avoid this is just edit /etc/pam.d/common-auth to not use ldap. However, this manual edit will get silently reverted anytime the libnss-ldap package gets updated (or pam-auth-update gets run for some other reason). Ok, so I research pam-auth-update which claims that "Debconf is the correct interface to use for management of PAM config files" (https://wiki.ubuntu.com/PAMConfigFrameworkSpec). Ok so I use debconf- setselections to remove "ldap" from "libpam-runtime/profiles". I try running "dpkg-reconfigure libnss-ldap" and it completely wipes my manual debconf settings and re-enables ldap authentication! There has to be __some__ way to avoid this behavior and not have it silently re-enabled behind my back. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
Came by to report this same issue. /usr/share/pam-config/mkhomedir is being ignored on Ubuntu 16.04 with this configuration: Name: Create home directory during login Default: yes Priority: 900 Session-Type: Additional Session: requiredpam_mkhomedir.so umask=0077 skel=/etc/skel It was working perfectly fine on Ubuntu 14.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
It was working in trusty but is being broken once again in xenial. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/682662 Title: pam-auth-update ignores debconf settings Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Won't Fix Bug description: pam-auth-update ignores the current debconf-settings. This makes it impossible to do automatically configure pam in noninteractive installations. Demonstration: ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean true libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit libpam-runtimelibpam-runtime/you-had-no-auth error ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update ~ # debconf-get-selections | grep libpam-runtime libpam-runtimelibpam-runtime/override boolean false libpam-runtimelibpam-runtime/conflictserror libpam-runtimelibpam-runtime/no_profiles_chosen error libpam-runtimelibpam-runtime/profiles multiselect krb5, unix, winbind, ldap libpam-runtimelibpam-runtime/you-had-no-auth error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/682662/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 682662] Re: pam-auth-update ignores debconf settings
Also facing this issue, it's weird that newer pam-auth-update also ignores default option in pam configs. So now it's not possible to non-interactively enable new profile (but it was working in trusty). Here's updated script to add one profile (mkhomedir) to current set of profiles: #!/bin/sh PROFILES=$(debconf-get-selections | grep libpam-runtime/profiles | cut -d ' ' -f 2- | sed s/\,\ mkhomedir//g) PROFILES="${PROFILES}, mkhomedir" for profile in /usr/share/pam-configs/*; do profile_name=$(grep Name: $profile | cut -d ' ' -f 2-) PROFILES=$(echo $PROFILES | sed s,$(basename $profile),"${profile_name}",g) done cat > $1