[Bug 2089712] Re: pam-auth-update --remove doesn't work properly

Miha Purg 2089712 at bugs.launchpad.net
Wed Nov 27 08:26:39 UTC 2024 

The --disable flag does not exist in Jammy, it was introduced in PAM
1.5.2-6 https://tracker.debian.org/news/1405352/accepted-
pam-152-6-source-into-unstable/


The two files are the same which is probably not intended as they will add the same entries twice.
Using the below config, `pam auth-update --remove faillock faillock_notify` works as intended and removes both entries from common-auth. 
```
cat << EOF >> /usr/share/pam-configs/faillock
Name: Enable pam_faillock to deny access
Default: yes
Priority: 0
Auth-Type: Primary
Auth:
   [default=die]   pam_faillock.so authfail
EOF
```

Note that because the profiles have "Default: yes", they will be
automatically re-enabled on subsequent calls to pam-auth-update (unless
called with `--remove faillock faillock_notify`), which may not be what
you want if the aim is to disable the profiles.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2089712

Title:
  pam-auth-update --remove doesn't work properly

Status in pam package in Ubuntu:
  New

Bug description:
  Issue:
  If use `pam-auth-update --remove profile` to remove a profile, it has no effect: the /etc/pam.d/common-auth doesn't change at all. 
  OS: jammy
  libpam-runtime: 1.4.0-11ubuntu2.4

  
  The profile I use

  ```
  cat << EOF > /usr/share/pam-configs/faillock
  Name: Notify of failed login attempts and reset count upon success
  Default: yes
  Priority: 1024
  Auth-Type: Primary
  Auth:
      requisite                       pam_faillock.so preauth
  Account-Type: Primary
  Account:
      required                        pam_faillock.so
  EOF

  cat << EOF > /usr/share/pam-configs/faillock_notify
  Name: Notify of failed login attempts and reset count upon success
  Default: yes
  Priority: 1024
  Auth-Type: Primary
  Auth:
      requisite                       pam_faillock.so preauth
  Account-Type: Primary
  Account:
      required                        pam_faillock.so
  EOF
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2089712/+subscriptions

More information about the foundations-bugs mailing list