[Bug 2064350] Re: pam_userdb.so is missing

Dan Bungert 2064350 at bugs.launchpad.net
Wed May 1 20:25:27 UTC 2024 

** Changed in: pam (Ubuntu)
       Status: In Progress => Fix Committed

** Changed in: pam (Ubuntu Noble)
       Status: New => In Progress

** Changed in: pam (Ubuntu Noble)
   Importance: Undecided => High

** Changed in: pam (Ubuntu Noble)
     Assignee: (unassigned) => Dan Bungert (dbungert)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2064350

Title:
  pam_userdb.so is missing

Status in pam package in Ubuntu:
  Fix Committed
Status in pam source package in Noble:
  In Progress
Status in pam package in Debian:
  Fix Released

Bug description:
  [ Impact ]

   * In the process of bootstrapping pam for time_t, libdb-dev was
     deliberately removed in salsa commit 65621d8 to allow libdb-dev to
     undergo time_t transition.
   * The result of that is no pam_userdb.so in libpam-modules
   * The fix takes the form of correcting a build dependency, which
     results in pam_userdb.so being again available.

  [ Test Plan ]

   * regression
     * obtain a noble test system - I personally used a noble chroot
     * adjust apt sources and ensure noble-proposed is present
     * install libpam-modules 1.5.3-5ubuntu5.1
     * login to the test machine with appropriate credentials - the
       literal `login` command is useful here
   * userdb functionality
     * start with the same test machine from the regression test
     * install db5.3-util
     * modify /etc/pam.d/login to comment out all `auth` lines, and add
       this instead
  ```
  auth requisite pam_userdb.so db=/etc/dbtest
  ```
     * create a textfile named `input` that looks like
  ```
  your_username
  test_password - different than /etc/shadow
  ```
     * `db5.3_load -T -f input -t hash /etc/dbtest.db`
     * login to the test machine with your_username and the
       test_password - the literal `login` command is useful here

  [ Where problems could occur ]

   * As usual, no SRU has zero risk
   * Any change to pam risks problems in user logins failing, so a
     basic regression test has been provided

  [ Other Info ]

   * None at this time

  original description follows
  ---

  The file is missing from libpam-modules.
  This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so

  Log:

  vsftpd: PAM unable to dlopen(pam_userdb.so): /usr/lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
  vsftpd: PAM adding faulty module: pam_userdb.so

  Apparently there was a change which removed this in the past, and it
  might be the removal has not been undone, while the package has been
  released nevertheless.

  http://changelogs.ubuntu.com/changelogs/pool/main/p/pam/pam_1.5.3-5ubuntu5/changelog

    * For now remove libdb-dev so that libdb-dev can undergo time_t
      transition.  That means this version of pam does not include
      pam_userdb, which makes pam unsuitable for release.

  $ lsb_release -rd
  No LSB modules are available.
  Description:    Ubuntu 24.04 LTS
  Release:        24.04

  $ apt-cache policy libpam-modules
  libpam-modules:
    Installed: 1.5.3-5ubuntu5
    Candidate: 1.5.3-5ubuntu5
    Version table:
   *** 1.5.3-5ubuntu5 500
          500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2064350/+subscriptions

More information about the foundations-bugs mailing list