It seems to be impossible to manage some pam auth settings non-interactively due to this bug.

For example, I want to fetch user/group info from LDAP on a server so I install 'libnss-ldap'. This automatically enables ldap authentication in PAM (this already seems like a bad idea) which I don't want, I just want the user/group info available.

My first attempt to avoid this is to just edit /etc/pam.d/common-auth to not use ldap. However, this manual edit will get silently reverted anytime the libnss-ldap package gets updated (or pam-auth-update gets run for some other reason).

Ok, so I research pam-auth-update which claims that "Debconf is the correct interface to use for management of PAM config files" (https://wiki.ubuntu.com/PAMConfigFrameworkSpec). Ok so I use debconf-set-selections to remove "ldap" from "libpam-runtime/profiles". I try running "dpkg-reconfigure libnss-ldap" and it completely wipes my manual debconf settings and re-enables ldap authentication!

There has to be __some__ way to avoid this behavior and not have it silently re-enabled behind my back.

--
https://bugs.launchpad.net/bugs/682662

Title:
  pam-auth-update ignores debconf settings

Status in pam package in Ubuntu:
  Triaged
Status in pam package in Debian:
  Won't Fix

Bug description:
  pam-auth-update ignores the current debconf-settings. This makes it impossible to automatically configure pam in noninteractive installations.

  Demonstration:

  ~ # debconf-get-selections | grep libpam-runtime
  libpam-runtime libpam-runtime/override boolean true
  libpam-runtime libpam-runtime/conflicts error
  libpam-runtime libpam-runtime/no_profiles_chosen error
  libpam-runtime libpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit
  libpam-runtime libpam-runtime/you-had-no-auth error
  ~ # DEBIAN_FRONTEND=noninteractive pam-auth-update
  ~ # debconf-get-selections | grep libpam-runtime
  libpam-runtime libpam-runtime/override boolean false
  libpam-runtime libpam-runtime/conflicts error
  libpam-runtime libpam-runtime/no_profiles_chosen error
  libpam-runtime libpam-runtime/profiles multiselect krb5, unix, winbind, ldap
  libpam-runtime libpam-runtime/you-had-no-auth error
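
A drift check built from the demonstration in the bug description, added here as an example and not part of the original report or of the pam package: it compares two debconf-get-selections snapshots and reports which PAM profiles were added or removed and whether libpam-runtime/override changed. The function names are hypothetical; the two snapshots are the relevant lines of the before/after output quoted in the report.

```shell
#!/bin/sh
# Added example: diff two "debconf-get-selections | grep libpam-runtime" snapshots.
# Function names are hypothetical; the snapshots are the output quoted in the report.

# Print the enabled PAM profiles from a snapshot, one per line, sorted.
pam_profiles() {
    printf '%s\n' "$1" | awk '$2 == "libpam-runtime/profiles" {
        sub(/^.*multiselect[ \t]*/, ""); gsub(/[ \t]+$/, "")
        n = split($0, p, /,[ \t]*/)
        for (i = 1; i <= n; i++) if (p[i] != "") print p[i]
    }' | sort -u
}

# Print the value of libpam-runtime/override (true or false).
pam_override() {
    printf '%s\n' "$1" | awk '$2 == "libpam-runtime/override" { print $4 }'
}

# Succeed if profile $2 is enabled in snapshot $1.
pam_has_profile() { pam_profiles "$1" | grep -qxF -- "$2"; }

# Report profile and override changes between snapshot $1 and snapshot $2.
pam_drift() {
    drift_old=$(pam_profiles "$1"); drift_new=$(pam_profiles "$2")
    for p in $drift_new; do
        printf '%s\n' "$drift_old" | grep -qxF -- "$p" || echo "added $p"
    done
    for p in $drift_old; do
        printf '%s\n' "$drift_new" | grep -qxF -- "$p" || echo "removed $p"
    done
    ov_old=$(pam_override "$1"); ov_new=$(pam_override "$2")
    [ "$ov_old" = "$ov_new" ] || echo "override $ov_old -> $ov_new"
}

# Snapshots: the override and profiles lines from the report's demonstration.
BEFORE='libpam-runtime libpam-runtime/override boolean true
libpam-runtime libpam-runtime/profiles multiselect krb5, unix, ldap, tmpdir, gnome-keyring, consolekit'
AFTER='libpam-runtime libpam-runtime/override boolean false
libpam-runtime libpam-runtime/profiles multiselect krb5, unix, winbind, ldap'

pam_drift "$BEFORE" "$AFTER"
if pam_has_profile "$AFTER" ldap; then
    echo "ldap profile is enabled after the run"
fi
```

On a live system the two arguments would be the captured output of debconf-get-selections taken before and after a package operation, so an unexpected change to the authentication stack shows up as a non-empty report.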