pam_mount is also in the session stack, and I can see why switching
users would ask to enter the password.
With sudo, no password re-enter is requested. I noticed this difference
between sudo and su pam configurations:
/etc/pam.d/sudo:
@include common-session-noninteractive
/etc/pam.d/su:
@include common-session
The common-session-noninteractive stack does not invoke pam_mount, which
makes sense. There is no su-noninteractive, though, just "su-l".
Anyway, still scratching my head on why this would have become an issue
only from questing onwards. I checked postgresql, and the "su" call only
had a change to drop "-" many years ago, and with or without that "-"
the effect is the same (password prompt).
I suppose we could switch the "su" call to "sudo", but I would like to
know what's going on first, in terms of what changed in questing. And
it's not rust-coreutils, since su comes from util-linux.
So when su -l is used, it should read a different pam config file. From
the manpage:
/etc/pam.d/su-l
PAM configuration file if --login is specified
And "su -" is equivalent to "su --login", so what is going on?
On noble:
root@r-pam-mount:~# su -l ubuntu -c "echo test"
reenter password for pam_mount:
Sniffing open calls in /etc/pam.d, we see:
5.863458000 0 4963 su 3 0 /etc/pam.d/su-l
5.863479000 0 4963 su 4 0 /etc/pam.d/su
5.864603000 0 4963 su 5 0 /etc/pam.d/common-auth
5.876894000 0 4963 su 5 0 /etc/pam.d/common-account
5.877116000 0 4963 su 5 0 /etc/pam.d/common-session
...
Interesting, so both /etc/pam.d/su-l and /etc/pam.d/su were opened, why
not just su-l?
Ok, su-l includes su...:
# cat /etc/pam.d/su-l
#%PAM-1.0
auth include su
account include su
password include su
session optional pam_keyinit.so force revoke
session include su
Dead end here.
Ok, enough time spent on triage. There is something going on here, and
if you happen to have libpam-mount installed and configured for all
users (user="*"), you will likely hit this problem. Below the noble
case, where I just installed postgresql-common:
...
Setting up postgresql-common (257build1.1) ...
reenter password for pam_mount:
Progress: [ 93%]
[#############################################################################################################################################################............]
It's stuck there.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130575
Title:
dpkg stuck in "reenter password for pam_mount"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-mount/+bug/2130575/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
