On Mon, 27 May 2024 at 01:38, Sam Hartman <hartm...@debian.org> wrote: > > >>>>> "Luca" == Luca Boccassi <bl...@debian.org> writes: > > Luca> Ah thanks for the pointer to the file, I had missed that > Luca> somehow in the first reply. I see it now: the pam-config for > Luca> unix.so assumes that if something runs before then everything > Luca> is done already. Unfortunately that assumption is wrong. I'll > Luca> see if I can just hack it and monkey patch common-password in > Luca> the postinst to fix it up for now, as I assume this is some > Luca> load-bearing assumption. > > I think if you want to play with it and modify common-password, that's > fine. > > I do not think that's appropriate for testing though. > > I'm fairly uncomfortable with a package other than pam touching > common-password in postinst other than through pam-auth-update. > It's fairly unlikely to work and likely to cause problems on upgrade. > I'd be much happier with (at least for now) simply not auto-configuring > systemd-home and leaving that to the sysadmin. > I appreciate that is not what you want to hear, but: > > 1) I believe that package a modifying a configuration file of package b > without cooperation of package b is a clear policy violation. > > 2) common-password is a configuration file of pam. > > 3) I'd like to understand the situation muchd better and especially why > you need to be account-type:primary. > I suspect we're going to need to have changes to pam-auth-update.
It is a horrible hack, no doubt about that, and will require reconfigures/reinstalls every now and then - however, it fixes the problem on install, which is directly solving my problem, as fresh testing images are broken and I need them working for my development/test workflows, so I'll still add it. It's an optional package with no reverse depends, so not really a problem for anybody who doesn't use it. Once there is a better solution, I will happily switch over. Thanks for the hints that helped figure this out, it did not occur to me to look into the other config.
