Public bug reported: libpam-sss needs special features from pam-auth-update, because on the auth stack pam_sss has to be below pam_unix ("mandated" by upstream, it had several issues of it's own), but on the password stack it needs to have a higher priority so that it would work properly when pam_cracklib is installed.
The current config snippet: .. Priority: 128 Password-Type: Primary Password: sufficient pam_sss.so Password-Initial: sufficient pam_sss.so .. ..had to drop use_authtok from non-initial case (= the default). Here Password-Initial is basically bogus, since it's never used. This now breaks when pam_cracklib is installed, since it has the highest priority and will always be on top. But I had to use what works for the default install. Now, I'd suggest adding support for '$STACK-Priority' or such, in this case 'Password-Priority: 512' which would make it higher than pam_unix with the default install but still lower than pam_cracklib (1024 iirc), so both use cases would then work. unless this sounds too crackful, I'll try to implement it.. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: libpam-runtime 1.1.3-7ubuntu3 ProcVersionSignature: Ubuntu 3.5.0-18.29-generic 3.5.7 Uname: Linux 3.5.0-18-generic x86_64 ApportVersion: 2.6.1-0ubuntu6 Architecture: amd64 Date: Wed Nov 21 18:12:08 2012 InstallationDate: Installed on 2012-11-07 (14 days ago) InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5) MarkForUpload: True PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=fi_FI.UTF-8 SHELL=/bin/zsh SourcePackage: pam UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: pam (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug quantal running-unity -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1081679 Title: pam-auth-update needs a way to fine tune the order of the stack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1081679/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs