[Bug 2101949] [NEW] pam-auth-update --remove sss does not work
Kevin lin
2101949 at bugs.launchpad.net
Tue Mar 11 10:26:02 UTC 2025
Public bug reported:
# Ask pam-auth-update disable SSS authentication profile
$ sudo pam-auth-update --remove sss
# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
shows [*] SSS authentication
<omit>
# Ask pam-auth-update to do something
$ sudo pam-auth-update --add --winbind --enable mkhomedir
# SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-session:session optional pam_sss.so
# Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update /usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM library
<omit>
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
# Ask pam-auth-update disable SSS authentication profile
$ sudo pam-auth-update --remove sss
# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
shows [*] SSS authentication
<omit>
# Ask pam-auth-update to do something
$ sudo pam-auth-update --add --winbind --enable mkhomedir
# SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-session:session optional pam_sss.so
- #
+ # Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update /usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM library
<omit>
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2101949
Title:
pam-auth-update --remove sss does not work
Status in pam package in Ubuntu:
New
Bug description:
# Ask pam-auth-update disable SSS authentication profile
$ sudo pam-auth-update --remove sss
# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
shows [*] SSS authentication
<omit>
# Ask pam-auth-update to do something
$ sudo pam-auth-update --add --winbind --enable mkhomedir
# SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-session:session optional pam_sss.so
# Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update /usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM library
<omit>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2101949/+subscriptions
More information about the foundations-bugs
mailing list