This bug was fixed in the package pam - 1.1.8-3.6ubuntu2.18.04.3
---
pam (1.1.8-3.6ubuntu2.18.04.3) bionic; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
-
Oh, I seem to have overlooked that one. We are hitting the exact same
issue with the new postgresql releases, so it's unrelated to the pam
SRU:
https://bugs.launchpad.net/ubuntu/+source/postgresql-12/+bug/1928773/comments/2
--
You received this bug notification because you are a member of
Hey Marc! What about the postgresql-10/armhf autopkgtest failure for
bionic?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927796
Title:
[SRU]pam_tally2 can cause accounts to be locked by correct
This bug was fixed in the package pam - 1.3.1-5ubuntu4.2
---
pam (1.3.1-5ubuntu4.2) focal; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
-
This bug was fixed in the package pam - 1.3.1-5ubuntu6.20.10.1
---
pam (1.3.1-5ubuntu6.20.10.1) groovy; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
-
This bug was fixed in the package pam - 1.3.1-5ubuntu6.21.04.1
---
pam (1.3.1-5ubuntu6.21.04.1) hirsute; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
-
This bug was fixed in the package pam - 1.3.1-5ubuntu7
---
pam (1.3.1-5ubuntu7) impish; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
-
Autopkgtests in comments #14 to #17 passed on retries except for openssh
which appears to be failing because of a date issue, which is unrelated
to the pam SRU.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Performing verification for Groovy
I enabled -proposed and installed libpam-modules libpam-modules-bin
libpam-runtime libpam0g version 1.3.1-5ubuntu6.20.10.1
>From there, I set the pam_faillock configuration in:
/etc/security/faillock.conf:
deny = 3
unlock_time = 120
and also:
Performing verification for Hirsute
I enabled -proposed and installed libpam-modules libpam-modules-bin
libpam-runtime libpam0g version 1.3.1-5ubuntu6.21.04.1
>From there, I set the pam_faillock configuration in:
/etc/security/faillock.conf:
deny = 3
unlock_time = 120
and also:
Performing verification for Focal
I enabled -proposed and installed libpam-modules libpam-modules-bin
libpam-runtime libpam0g version 1.3.1-5ubuntu4.2
>From there, I set the pam_faillock configuration in:
/etc/security/faillock.conf:
deny = 3
unlock_time = 120
and also:
Performing verification for Bionic
I enabled -proposed and installed libpam-modules libpam-modules-bin
libpam-runtime libpam0g version 1.1.8-3.6ubuntu2.18.04.3
>From there, I set the pam_faillock configuration in:
/etc/security/faillock.conf:
deny = 3
unlock_time = 120
and also:
By following the same test procedure done in #18 and #19, the Hirsute
build of pam_faillock was successfully validated.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927796
Title:
[SRU]pam_tally2
By following the same test procedure done in #18 and #19, the Groovy
build of pam_faillock was successfully validated.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927796
Title:
[SRU]pam_tally2
By following the same test procedure done in #18 and #19, the Focal
build of pam_faillock was successfully validated.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927796
Title:
[SRU]pam_tally2
Additional tests done on bionic: after changing the parameters set in
/etc/security/faillock.conf to:
deny=2
unlock_time=20
By trying to authenticate with the wrong password 2 times, it was
verified that the account was locked for the amount of time set to the
unlock_time parameter (20s).
--
Tested pam_faillock module for pam on bionic.
Test consisted on setting up pam_faillock with the following
configuration, as described in the man page:
/etc/security/faillock.conf file example:
deny=4
unlock_time=1200
silent
/etc/pam.d/config file example:
auth required
Hello Richard, or anyone else affected,
Accepted pam into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu2.18.04.3 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Richard, or anyone else affected,
Accepted pam into groovy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/pam/1.3.1-5ubuntu6.20.10.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Ok, so this adds quite a big piece of new code, so normally I would be a
bit worried about the maintainability of this. Seeing that Marc is the
sponsor here, I will quietly assume that the maintainability of the new
functionality is fine from the security team's POV and that this will
not be an
I have uploaded packages for processing by the SRU team.
** Changed in: pam (Ubuntu Bionic)
Status: New => In Progress
** Changed in: pam (Ubuntu Focal)
Status: New => In Progress
** Changed in: pam (Ubuntu Groovy)
Status: New => In Progress
** Changed in: pam (Ubuntu
** Patch added: "Bionic debdiff"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496426/+files/pam_1.1.8-3.6ubuntu2.18.04.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Focal debdiff"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496425/+files/pam_1.3.1-5ubuntu4.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Groovy debdiff"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496424/+files/pam_1.3.1-5ubuntu6.20.10.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Hirsute debdiff"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1927796/+attachment/5496423/+files/pam_1.3.1-5ubuntu6.21.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The debdiffs in comment #1 currently create a multiarch manpage
collision because of a pam packaging particularity. (See bug 1558597 for
an example)
I will update the debdiffs to correct the issue and will post them here
once done.
--
You received this bug notification because you are a member
** Also affects: pam (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Bionic)
Importance:
** Description changed:
[IMPACT]
There is a known issue in pam_tally2 which may cause an account to be lock
down even with correct password, in a busy node environment where simultaneous
logins takes place (https://github.com/linux-pam/linux-pam/issues/71).
- There are already two
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: pam (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927796
Title:
29 matches
Mail list logo
