The --disable flag does not exist in Jammy; it was introduced in PAM
1.5.2-6:
https://tracker.debian.org/news/1405352/accepted-pam-152-6-source-into-unstable/


The two files are the same, which is probably not intended, as they will add the
same entries twice.
Using the config below, `pam-auth-update --remove faillock faillock_notify`
works as intended and removes both entries from common-auth.
```
cat << EOF >> /usr/share/pam-configs/faillock
Name: Enable pam_faillock to deny access
Default: yes
Priority: 0
Auth-Type: Primary
Auth:
   [default=die]   pam_faillock.so authfail
EOF
```

Note that because the profiles have "Default: yes", they will be
automatically re-enabled on subsequent calls to pam-auth-update (unless
called with `--remove faillock faillock_notify`), which may not be what
you want if the aim is to disable the profiles.

-- 
https://bugs.launchpad.net/bugs/2089712

Title:
  pam-auth-update --remove doesn't work properly
