Package: libpam-runtime
Severity: normal
Version: 1.5.2-6
Quack,
Thanks for adding the feature in #1004000 but it unfortunately does not
work.
I don't recall if I tested the feature extensively but I updated my
Ansible rules and it is ineffective. After switching a machine to
bookworm I still get the module I want disabled around (it is reenabled
during upgrade) and that breaks authentication.
I then started to check manually:
# grep sss /etc/pam.d/*
/etc/pam.d/common-account:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=2 default=ignore] pam_sss.so
use_first_pass
/etc/pam.d/common-password:password sufficient
pam_sss.so use_authtok
/etc/pam.d/common-session:session optional
pam_sss.so
# pam-auth-update --disable sss
=> same result
# pam-auth-update --force --disable sss
=> same result
If I use pam-auth-update interactively and uncheck sss then it works.
I then used `pam-auth-update --enable sss` and sss reappeared in the
config and tried again --disable but to no avail.
Could you please have a look?
Regards.
\_o<
--
Marc Dequènes