[bringing Steve, our pam maintainer, into the loop] Hi Steve,
the following looks like an issue in pam-auth-update and similar to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923362 Any idea what might be going wrong there? Am 09.03.19 um 19:55 schrieb Julien Leproust: > Hi, > > Well we're in luck, I have etckeeper installed since 2012. > > On both machines, I never edited /etc/pam.d/common-* manually. > > * fc3256a - Sat, 9 Mar 2019 12:59:20 +0100 (7 hours ago) (HEAD -> master) > | daily autocommit - root > * efc0d23 - Thu, 7 Feb 2019 23:16:46 +0100 (4 weeks ago) > | committing changes in /etc made by "aptitude" - root > * 6d1fbcf - Tue, 20 Feb 2018 22:51:34 +0100 (1 year, 1 month ago) > | committing changes in /etc after apt run - root > * 72d4029 - Tue, 19 Apr 2016 22:00:51 +0200 (2 years, 11 months ago) > | committing changes in /etc after apt run - root > * 50f69ee - Sat, 1 Mar 2014 15:33:33 +0100 (5 years ago) > | committing changes in /etc after apt run - root > * dee824f - Sat, 4 Aug 2012 10:55:33 +0200 (7 years ago) > Initial commit - root > > The modification today is the fix using pam-auth-update. > > The last modification, which broke pam_systemd.so, was triggered by > libpam-cap:amd64 (1:2.25-2). The update triggered pam-auth-update, and > /var/log/apt/term.log shows the choices I made: > > ────────────────────────┤ PAM configuration ├─────────────────────── > Pluggable Authentication Modules (PAM) determine how authentication, > authorization, and password changing are handled on the system, as > well as allowing configuration of additional actions to take when > starting user sessions. > > Some PAM module packages provide profiles that can be used to > automatically adjust the behavior of all PAM-using applications on > the system. Please indicate which of these behaviors you wish to > enable. > > PAM profiles to enable: > > [*] Unix authentication > [*] Register user sessions in the systemd control group ... > [ ] Create home directory on login > [*] GNOME Keyring Daemon - Login keyring management > [*] Inheritable Capabilities Management > > > <Ok> <Cancel> > > ──────────────────────────────────────────────────────────────────── > > And then, pam_systemd.so was incorrectly removed? I'm sure you're going > to assume I disabled the second option, but I really doubt this. > > Previous modifications: > - 20 Feb 2018: removal of libpam-ck-connector > - 19 Apr 2016: installation of libpam-cgfs > - 1 Mar 2014: installation of libpam-systemd > > Initial state for reference in August 2012: > ======================================================================= > # > # /etc/pam.d/common-session - session-related modules common to all > services > # > # This file is included from other service-specific PAM config files, > # and should contain a list of modules that define tasks to be performed > # at the start and end of sessions of *any* kind (both interactive and > # non-interactive). > # > # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. > # To take advantage of this, it is recommended that you configure any > # local modules either before or after the default block, and use > # pam-auth-update to manage selection of other modules. See > # pam-auth-update(8) for details. > > # here are the per-package modules (the "Primary" block) > session [default=1] pam_permit.so > # here's the fallback if no module succeeds > session requisite pam_deny.so > # prime the stack with a positive return value if there isn't one already; > # this avoids us returning an error just because nothing sets a success > code > # since the modules above will each just jump around > session required pam_permit.so > # and here are more per-package modules (the "Additional" block) > session required pam_unix.so > session optional pam_systemd.so > session optional pam_ck_connector.so nox11 > # end of pam-auth-update config > ======================================================================= > > And today: > ======================================================================= > # > # /etc/pam.d/common-session - session-related modules common to all > services > # > # This file is included from other service-specific PAM config files, > # and should contain a list of modules that define tasks to be performed > # at the start and end of sessions of *any* kind (both interactive and > # non-interactive). > # > # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. > # To take advantage of this, it is recommended that you configure any > # local modules either before or after the default block, and use > # pam-auth-update to manage selection of other modules. See > # pam-auth-update(8) for details. > > # here are the per-package modules (the "Primary" block) > session [default=1] pam_permit.so > # here's the fallback if no module succeeds > session requisite pam_deny.so > # prime the stack with a positive return value if there isn't one already; > # this avoids us returning an error just because nothing sets a success > code > # since the modules above will each just jump around > session required pam_permit.so > # and here are more per-package modules (the "Additional" block) > session required pam_unix.so > session optional pam_systemd.so > session optional pam_cgfs.so -c freezer,memory,name=systemd > # end of pam-auth-update config > ======================================================================= > > I can provide the full git and apt logs, but I'd have to edit them > before to hide personal information. > > Thanks anyway. > > Best regards, > -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers