← Back to team overview

debcrafters-packages team mailing list archive

  1. debcrafters-packages team
  2. Mailing list archive
  3. Message #00259

[Bug 2101949] Re: pam-auth-update --remove sss does not work

  Thread PreviousDate PreviousThread Next 
-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2101949

Title:
  pam-auth-update --remove sss does not work

Status in pam package in Ubuntu:
  Confirmed

Bug description:
  # Ask pam-auth-update to disable SSS authentication profile
  $ sudo pam-auth-update --remove sss

  # SSSD is removed from PAM
  $ grep -R sss /etc/pam.d/
  /etc/pam.d/common-session.pam-old:session       optional                        pam_sss.so
  /etc/pam.d/common-auth.pam-old:auth     [success=1 default=ignore]      pam_sss.so use_first_pass
  /etc/pam.d/common-account.pam-old:account       [default=bad success=ok user_unknown=ignore]    pam_sss.so
  /etc/pam.d/common-password.pam-old:password     sufficient                      pam_sss.so use_authtok

  # As pam-auth-update viewpoint, SSS authentication profile still enable
  $ sudo pam-auth-update
  <omit>
  [*] SSS authentication
  <omit>

  # After pam-auth-update executed, SSSD is back to PAM even no one ask for it,
  $ grep -R sss /etc/pam.d/
  /etc/pam.d/common-account:account       [default=bad success=ok user_unknown=ignore]    pam_sss.so
  /etc/pam.d/common-session.pam-old:session       optional                        pam_sss.so
  /etc/pam.d/common-auth.pam-old:auth     [success=1 default=ignore]      pam_sss.so use_first_pass
  /etc/pam.d/common-password:password     sufficient                      pam_sss.so use_authtok
  /etc/pam.d/common-account.pam-old:account       [default=bad success=ok user_unknown=ignore]    pam_sss.so
  /etc/pam.d/common-auth:auth     [success=1 default=ignore]      pam_sss.so use_first_pass
  /etc/pam.d/common-password.pam-old:password     sufficient                      pam_sss.so use_authtok
  /etc/pam.d/common-session:session       optional                        pam_sss.so

  # Version
  $ whereis pam-auth-update
  pam-auth-update: /usr/sbin/pam-auth-update /usr/share/man/man8/pam-auth-update.8.gz
  $ dpkg -S /usr/sbin/pam-auth-update
  libpam-runtime: /usr/sbin/pam-auth-update
  $ dpkg -l libpam-runtime
  <omit>
  ||/ Name           Version           Architecture Description
  +++-==============-=================-============-===================================
  ii  libpam-runtime 1.4.0-11ubuntu2.5 all          Runtime support for the PAM library
  <omit>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2101949/+subscriptions
  Thread PreviousDate PreviousThread Next