Public bug reported: Hey!
We're using libpam in the Ubuntu Core rootfs for the core24 snap (which is pam from Noble). We've run into a sitaution where we would like to move pam.d files into /usr/lib/pam.d instead of /etc/pam.d, and looking at man pages this should be supported. (I.e it always checks /etc/pam.d first, then /usr/lib/pam.d). However, there seems to be an issue (or misunderstanding) in terms of how `include`'s are loaded. For an installation that has all pam.d files in /usr/lib we get this error: ``` [ 556.375377] sshd[3553]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/common-auth [ 556.377644] sshd[3553]: PAM error loading (null) [ 556.379731] sshd[3553]: PAM _pam_init_handlers: error reading /usr/lib/pam.d/sshd [ 556.382681] sshd[3553]: PAM _pam_init_handlers: [Critical error - immediate abort] [ 556.384512] sshd[3553]: PAM error reading PAM configuration file [ 556.386397] sshd[3553]: PAM pam_start: failed to initialize handlers [ 556.389716] sshd[3553]: PAM pam_end: NULL pam handle passed [ 556.393755] sshd[3553]: fatal: PAM: initialisation failed ``` It seems to correctly read sshd from /usr/lib/pam.d/, however the includes it seems it insists on loading through /etc/pam.d. Looking at the code: https://git.launchpad.net/ubuntu/+source/pam/tree/libpam/pam_handlers.c?h=applied/ubuntu/noble#n227 it seems that it only checks /etc/pam.d, and not /usr/lib/pam.d. This seems to not be in line with the man pages? ** Affects: pam (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087827 Title: Pam includes does not look in /usr/lib/pam.d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2087827/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
