On Tue, 2015-04-14 at 15:28 +0930, Phil Nitschke wrote:
> We inherited a legacy system where users' UIDs are less than 1000.
> We set the UID_MIN value in /etc/login.defs, but whenever libpam-ldapd is
> updated, it specifies minimum_uid=1000 and users cannot log in.

I also manage a legacy system with uid below 1000. We have made
modifications to minimum_uid in /etc/pam.d/common-* and have not seen
any changes on upgrades. The pam-auth-update command is supposed to keep
manual changes to those files intact.

> I suggest having the postinst script run a couple tests, e.g.
> 
> MINUID=`grep "^UID_MIN" /etc/login.defs | awk '{print $2}'`
> 
> Then if $MINUID != 1000, use it to update the values in /usr/share/pam-
> configs/ldap, prior to running pam-auth-update.

I don't think the postinst is allowed to modify files under /usr so this
would quickly turn into something ugly with a symlink.

Perhaps it is possible to modify minimum_uid in /etc/pam.d/common-* from
the postinst but this also sounds very fragile to me.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

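Added example, not part of the thread or of the nss-pam-ldapd packaging: a check an administrator could run after a package upgrade to confirm that the minimum_uid values in the PAM files still match UID_MIN in /etc/login.defs. The function names and the sample files are made up for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: flag PAM lines whose minimum_uid differs from UID_MIN.
# Usage on a live system: check_minimum_uid /etc/login.defs /etc/pam.d/common-*

# Print the first UID_MIN value found in a login.defs-style file.
login_defs_uid_min() {
    awk '$1 == "UID_MIN" { print $2; exit }' "$1"
}

# Print "file:line:value" for every minimum_uid=N option outside comments.
pam_minimum_uids() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            $1 ~ /^#/ { next }
            {
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^minimum_uid=[0-9]+$/) {
                        sub(/^minimum_uid=/, "", $i)
                        print file ":" NR ":" $i
                    }
            }' "$f"
    done
}

# Exit status: 0 = consistent, 1 = mismatch found, 2 = UID_MIN not set.
check_minimum_uid() {
    defs=$1; shift
    want=$(login_defs_uid_min "$defs")
    [ -n "$want" ] || { echo "UID_MIN not set in $defs" >&2; return 2; }
    rc=0
    for entry in $(pam_minimum_uids "$@"); do
        got=${entry##*:}
        if [ "$got" -ne "$want" ]; then
            echo "MISMATCH ${entry%:*}: minimum_uid=$got, UID_MIN=$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not from the thread) for an offline trial.
make_sample() {
    dir=$(mktemp -d)
    printf 'UID_MIN\t\t  500\nUID_MAX\t\t60000\n' > "$dir/login.defs"
    printf 'auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass\n' > "$dir/common-auth"
    printf '# minimum_uid=1000\naccount [success=ok default=ignore] pam_ldap.so minimum_uid=500\n' > "$dir/common-account"
    echo "$dir"
}
```

A non-zero exit after an upgrade means a PAM file carries a threshold that would lock out the sub-1000 accounts, or that UID_MIN could not be read.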