** Description changed: Hey! We're using libpam in the Ubuntu Core rootfs for the core24 snap (which is pam from Noble). We've run into a sitaution where we would like to move pam.d files into /usr/lib/pam.d instead of /etc/pam.d, and looking at man pages this should be supported. (I.e it always checks /etc/pam.d first, then /usr/lib/pam.d). However, there seems to be an issue (or misunderstanding) in terms of how `include`'s are loaded. For an installation that has all pam.d files in /usr/lib we get this error: ``` [ 556.375377] sshd[3553]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/common-auth [ 556.377644] sshd[3553]: PAM error loading (null) [ 556.379731] sshd[3553]: PAM _pam_init_handlers: error reading /usr/lib/pam.d/sshd [ 556.382681] sshd[3553]: PAM _pam_init_handlers: [Critical error - immediate abort] [ 556.384512] sshd[3553]: PAM error reading PAM configuration file [ 556.386397] sshd[3553]: PAM pam_start: failed to initialize handlers [ 556.389716] sshd[3553]: PAM pam_end: NULL pam handle passed [ 556.393755] sshd[3553]: fatal: PAM: initialisation failed ``` It seems to correctly read sshd from /usr/lib/pam.d/, however the includes it seems it insists on loading through /etc/pam.d. Looking at the code: https://git.launchpad.net/ubuntu/+source/pam/tree/libpam/pam_handlers.c?h=applied/ubuntu/noble#n227 it seems that it only checks /etc/pam.d, and not /usr/lib/pam.d. This seems to not be in line with the man pages? + + *note* this seem at first glance that there might be a bug in the patch + `debian/patches/031_pam_include`
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/2087827 Title: Pam includes does not look in /usr/lib/pam.d Status in pam package in Ubuntu: New Bug description: Hey! We're using libpam in the Ubuntu Core rootfs for the core24 snap (which is pam from Noble). We've run into a sitaution where we would like to move pam.d files into /usr/lib/pam.d instead of /etc/pam.d, and looking at man pages this should be supported. (I.e it always checks /etc/pam.d first, then /usr/lib/pam.d). However, there seems to be an issue (or misunderstanding) in terms of how `include`'s are loaded. For an installation that has all pam.d files in /usr/lib we get this error: ``` [ 556.375377] sshd[3553]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/common-auth [ 556.377644] sshd[3553]: PAM error loading (null) [ 556.379731] sshd[3553]: PAM _pam_init_handlers: error reading /usr/lib/pam.d/sshd [ 556.382681] sshd[3553]: PAM _pam_init_handlers: [Critical error - immediate abort] [ 556.384512] sshd[3553]: PAM error reading PAM configuration file [ 556.386397] sshd[3553]: PAM pam_start: failed to initialize handlers [ 556.389716] sshd[3553]: PAM pam_end: NULL pam handle passed [ 556.393755] sshd[3553]: fatal: PAM: initialisation failed ``` It seems to correctly read sshd from /usr/lib/pam.d/, however the includes it seems it insists on loading through /etc/pam.d. Looking at the code: https://git.launchpad.net/ubuntu/+source/pam/tree/libpam/pam_handlers.c?h=applied/ubuntu/noble#n227 it seems that it only checks /etc/pam.d, and not /usr/lib/pam.d. This seems to not be in line with the man pages? *note* this seem at first glance that there might be a bug in the patch `debian/patches/031_pam_include` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2087827/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
