[Bug 2064350] Re: pam_userdb.so is missing
Dan Bungert
2064350 at bugs.launchpad.net
Tue Jun 4 22:11:43 UTC 2024
Marking fix released for Oracular, this was fixed but it wasn't noted in
the changelog.
** Changed in: pam (Ubuntu)
Status: Fix Committed => Fix Released
** Description changed:
[ Impact ]
- * In the process of bootstrapping pam for time_t, libdb-dev was
- deliberately removed in salsa commit 65621d8 to allow libdb-dev to
- undergo time_t transition.
- * The result of that is no pam_userdb.so in libpam-modules
- * The fix takes the form of correcting a build dependency, which
- results in pam_userdb.so being again available.
+ * In the process of bootstrapping pam for time_t, libdb-dev was
+ deliberately removed in salsa commit 65621d8 to allow libdb-dev to
+ undergo time_t transition.
+ * The result of that is no pam_userdb.so in libpam-modules
+ * The fix takes the form of correcting a build dependency, which
+ results in pam_userdb.so being again available.
[ Test Plan ]
- * regression
- * obtain a noble test system - I personally used a noble chroot
- * adjust apt sources and ensure noble-proposed is present
- * install libpam-modules 1.5.3-5ubuntu5.1
- * login to the test machine with appropriate credentials - the
- literal `login` command is useful here
- * userdb functionality
- * start with the same test machine from the regression test
- * install db5.3-util
- * modify /etc/pam.d/login to comment out all `auth` lines, and add
- this instead
+ * regression
+ * obtain a noble test system - I personally used a noble chroot
+ * adjust apt sources and ensure noble-proposed is present
+ * install libpam-modules 1.5.3-5ubuntu5.1
+ * login to the test machine with appropriate credentials - the
+ literal `login` command is useful here
+ * userdb functionality
+ * start with the same test machine from the regression test
+ * install db5.3-util
+ * modify /etc/pam.d/login to comment out all `auth` lines, and add
+ this instead
```
auth requisite pam_userdb.so db=/etc/dbtest
```
- * create a textfile named `input` that looks like
+ * create a textfile named `input` that looks like
```
your_username
test_password - different than /etc/shadow
```
- * `db5.3_load -T -f input -t hash /etc/dbtest.db`
- * login to the test machine with your_username and the
- test_password - the literal `login` command is useful here
+ * `db5.3_load -T -f input -t hash /etc/dbtest.db`
+ * login to the test machine with your_username and the
+ test_password - the literal `login` command is useful here
[ Where problems could occur ]
- * As usual, no SRU has zero risk
- * Any change to pam risks problems in user logins failing, so a
- basic regression test has been provided
+ * As usual, no SRU has zero risk
+ * Any change to pam risks problems in user logins failing, so a
+ basic regression test has been provided
+
+ [ Development release status ]
+
+ Issue fixed in merge from Debian and subsequent 1.5.3-7ubuntu1 upload.
[ Other Info ]
- * None at this time
+ * None at this time
original description follows
---
The file is missing from libpam-modules.
This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so
Log:
vsftpd: PAM unable to dlopen(pam_userdb.so): /usr/lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
vsftpd: PAM adding faulty module: pam_userdb.so
Apparently there was a change which removed this in the past, and it
might be the removal has not been undone, while the package has been
released nevertheless.
http://changelogs.ubuntu.com/changelogs/pool/main/p/pam/pam_1.5.3-5ubuntu5/changelog
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy libpam-modules
libpam-modules:
Installed: 1.5.3-5ubuntu5
Candidate: 1.5.3-5ubuntu5
Version table:
*** 1.5.3-5ubuntu5 500
500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2064350
Title:
pam_userdb.so is missing
Status in pam package in Ubuntu:
Fix Released
Status in pam source package in Noble:
Fix Committed
Status in pam package in Debian:
Fix Released
Bug description:
[ Impact ]
* In the process of bootstrapping pam for time_t, libdb-dev was
deliberately removed in salsa commit 65621d8 to allow libdb-dev to
undergo time_t transition.
* The result of that is no pam_userdb.so in libpam-modules
* The fix takes the form of correcting a build dependency, which
results in pam_userdb.so being again available.
[ Test Plan ]
* regression
* obtain a noble test system - I personally used a noble chroot
* adjust apt sources and ensure noble-proposed is present
* install libpam-modules 1.5.3-5ubuntu5.1
* login to the test machine with appropriate credentials - the
literal `login` command is useful here
* userdb functionality
* start with the same test machine from the regression test
* install db5.3-util
* modify /etc/pam.d/login to comment out all `auth` lines, and add
this instead
```
auth requisite pam_userdb.so db=/etc/dbtest
```
* create a textfile named `input` that looks like
```
your_username
test_password - different than /etc/shadow
```
* `db5.3_load -T -f input -t hash /etc/dbtest.db`
* login to the test machine with your_username and the
test_password - the literal `login` command is useful here
[ Where problems could occur ]
* As usual, no SRU has zero risk
* Any change to pam risks problems in user logins failing, so a
basic regression test has been provided
[ Development release status ]
Issue fixed in merge from Debian and subsequent 1.5.3-7ubuntu1 upload.
[ Other Info ]
* None at this time
original description follows
---
The file is missing from libpam-modules.
This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so
Log:
vsftpd: PAM unable to dlopen(pam_userdb.so): /usr/lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
vsftpd: PAM adding faulty module: pam_userdb.so
Apparently there was a change which removed this in the past, and it
might be the removal has not been undone, while the package has been
released nevertheless.
http://changelogs.ubuntu.com/changelogs/pool/main/p/pam/pam_1.5.3-5ubuntu5/changelog
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy libpam-modules
libpam-modules:
Installed: 1.5.3-5ubuntu5
Candidate: 1.5.3-5ubuntu5
Version table:
*** 1.5.3-5ubuntu5 500
500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2064350/+subscriptions
More information about the foundations-bugs
mailing list