Overview
Request 717661 superseded
- Created by sbrabec
- In state superseded
- Supersedes 716132
- Superseded by 720087
- Open review for factory-staging
+- Prevent outdated pam files ([bsc#1082293](https://bugzilla.opensuse.org/show_bug.cgi?id=1082293), [boo#1081947](https://bugzilla.opensuse.org/show_bug.cgi?id=1081947)#c68): + * Remove "(noreplace)". It will enforce update whenever package + changes it.
Is that a good idea? Adjusting the users pam stack in /etc is imho a really bad idea - we have no idea what the users did to their stack. They could have added gnome-keyring (as the pam-gnome-keyring package adds to the config), the could have enabled google auth. Resetting their config over and over will cause a ton of complaints
e.g on my machine, I have:
diff -ur common-auth common-auth.rpmnew --- common-auth 2019-07-17 12:12:10.995662248 +0200 +++ common-auth.rpmnew 2018-03-03 13:02:22.000000000 +0100 @@ -1,16 +1,11 @@ -#%PAM-1.0 # -# This file is autogenerated by pam-config. All changes -# will be overwritten. -# -# Authentication-related modules common to all services +# /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # -auth required pam_env.so -auth optional pam_gnome_keyring.so -auth required pam_unix.so try_first_pass +auth required pam_env.so +auth required pam_unix.so try_first_pass
Except the comments, there is no real change I'd want util-linux to replace my files - as this would break my gnome keyring integration.
@kukuk can you please, with your pam background knowledge, have a look at this request?
for me, this sounds like a rabbit hole where we can never find out again.
Request History
sbrabec created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
staging-bot set openSUSE:Factory:Staging:C as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:C"
staging-bot accepted review
Picked openSUSE:Factory:Staging:C
dimstar_suse accepted review
Removing from openSUSE:Factory:Staging:C, re-evaluation needed
dimstar_suse added factory-staging as a reviewer
Requesting new staging review
dimstar declined review
https://bugzilla.opensuse.org/show_bug.cgi?id=1081947#c73
Constantly replacing the users PAM config can lead to very bad effects, like no longer to be able to log in.
The pam config files are even auto-changed by some of our packages, e.g. gnome-keyring-pam, when the keyring is integrated into the pam stack. This would be undone on next update of pam again, which is inacceptable for a working system
dimstar declined request
https://bugzilla.opensuse.org/show_bug.cgi?id=1081947#c73
Constantly replacing the users PAM config can lead to very bad effects, like no longer to be able to log in.
The pam config files are even auto-changed by some of our packages, e.g. gnome-keyring-pam, when the keyring is integrated into the pam stack. This would be undone on next update of pam again, which is inacceptable for a working system
New fix.
Waiting for comments re sr#717661