[Bug 1081679] [NEW] pam-auth-update needs a way to fine tune the order of the stack

Wed, 21 Nov 2012 08:45:38 -0800 

Public bug reported:

libpam-sss needs special features from pam-auth-update, because on the
auth stack pam_sss has to be below pam_unix ("mandated" by upstream, it
had several issues of it's own), but on the password stack it needs to
have a higher priority so that it would work properly when pam_cracklib
is installed.

The current config snippet:
..
Priority: 128
Password-Type: Primary
Password:
        sufficient                                      pam_sss.so
Password-Initial:
        sufficient                                      pam_sss.so
..

..had to drop use_authtok from non-initial case (= the default). Here
Password-Initial is basically bogus, since it's never used. This now
breaks when pam_cracklib is installed, since it has the highest priority
and will always be on top. But I had to use what works for the default
install.

Now, I'd suggest adding support for '$STACK-Priority' or such, in this
case 'Password-Priority: 512' which would make it higher than pam_unix
with the default install but still lower than pam_cracklib (1024 iirc),
so both use cases would then work.

unless this sounds too crackful, I'll try to implement it..

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: libpam-runtime 1.1.3-7ubuntu3
ProcVersionSignature: Ubuntu 3.5.0-18.29-generic 3.5.7
Uname: Linux 3.5.0-18-generic x86_64
ApportVersion: 2.6.1-0ubuntu6
Architecture: amd64
Date: Wed Nov 21 18:12:08 2012
InstallationDate: Installed on 2012-11-07 (14 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=fi_FI.UTF-8
 SHELL=/bin/zsh
SourcePackage: pam
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug quantal running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1081679

Title:
  pam-auth-update needs a way to fine tune the order of the stack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1081679/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to