This bug was fixed in the package pam - 1.4.0-10ubuntu1 --------------- pam (1.4.0-10ubuntu1) jammy; urgency=medium
* Merge from Debian unstable (LP: #1916509). Remaining changes: - debian/control: have libpam-modules recommend update-motd package - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - Add lintian override for pam_extrausers_chkpwd - Disable custom daemon restart detection code if needrestart is available - d/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment * Dropped changes, obsoleted: - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - Return only PAM_IGNORE or error from pam_motd - Fix patches to fix FTBFS - Backport pam_faillock module from pam 1.4.0 - debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as a deprecated alias for nullok. - debian/pam-configs/unix: use nullok, not nullok_secure. * Patches: - d/p/pam_motd-legal-notice: refreshed - Refreshed d/p/pam_umask_usergroups_from_login.defs.patch to use pam_modutil_search_key instead of our own hand-rolled version - d/p/extrausers.patch: Refreshed the patch and fixed the HAVE_LIBSELINUX conditional removed upstream. * d/local/pam-auth-update: refreshed the md5sum for debian/local/common-session -- Simon Chopin <simon.cho...@canonical.com> Tue, 26 Oct 2021 10:49:14 +0200 ** Changed in: pam (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: Fix Released Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp