[Bug 230466] Re: Likewise uninstall, Lock login to system

[Thierry Carrez]

SRU report

Bug impact:
Removing the likewise-open package while a domain is joined will result in a system on which you cannot login anymore.

Fix in the development branch:
This was addressed in Intrepid for version 4.1.0.2956-0ubuntu1, using the same patch that will be applied here.

Minimal patch:
--- likewise-open-4.0.5.orig/debian/likewise-open.prerm
+++ likewise-open-4.0.5/debian/likewise-open.prerm
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+#DEBHELPER#
+
+case "$1" in
+    remove)
+	if [ -x /usr/bin/domainjoin-cli ]; then
+	    domainjoin-cli leave || true
+	fi
+    ;;
+esac

TEST CASE:
NB: You'll need an AD setup to test that (a domain needs to be successfully joined).
$ sudo apt-get install likewise-open
$ sudo domainjoin-cli join your-domain your-Administrator your-password
SUCCESS
$ sudo apt-get remove likewise-open
Then try to log in.
Without the fix: SSH or local login will fail with "PAM unable to dlopen(/lib/security/pam_lwidentity.so)" error in auth.log
With the fix: SSH or local login will continue to work after removal of likewise-open (domain is properly left at prerm).

Regression potential:
The patch only affects prerm : it tries to leave the domain but will gracefully accept failure to do so. The only regression I can think of is that before this fix you could reinstall likewise-open after having removed it and still enjoy your domain membership... that is, if you don't log out in between.

-- 
Likewise uninstall, Lock login to system
https://bugs.launchpad.net/bugs/230466
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to likewise-open in ubuntu.