Hello,
I also observe this bug on one of the sid i admin. But my /etc/environment only contain: en_US Is it incorrect ? Should it be LANG=en_US ? Is there some other file read by pam_env.so that I should check ? I got this message with su. Password: su: Bad item passed to pam_*_item() zsh: exit 1 su in auth.log the corresponding lines are: Aug 29 20:18:02 altair su[21171]: Successful su for root by xtophe Aug 29 20:18:02 altair su[21171]: + pts/4 xtophe:root Aug 29 20:18:02 altair su[21171]: pam_env(su:session): pam_putenv: delete non-existent entry; en_US Aug 29 20:18:02 altair su[21171]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory Aug 29 20:18:02 altair su[21171]: pam_unix(su:session): session opened for user root by xtophe(uid=1006) Aug 29 20:18:02 altair su[21171]: pam_open_session: Bad item passed to pam_*_item() Thanks, -- Xtophe ***/etc/pam.d/su***** # # The PAM configuration file for the Shadow `su' service # # This allows root to su without passwords (normal operation) auth sufficient pam_rootok.so # Uncomment this to force users to be a member of group root # before they can use `su'. You can also add "group=foo" # to the end of this line if you want to use a group other # than the default "root" (but this may have side effect of # denying "root" user, unless she's a member of "foo" or explicitly # permitted earlier by e.g. "sufficient pam_rootok.so"). # (Replaces the `SU_WHEEL_ONLY' option from login.defs) # auth required pam_wheel.so # Uncomment this if you want wheel members to be able to # su without a password. # auth sufficient pam_wheel.so trust # Uncomment this if you want members of a specific group to not # be allowed to use su at all. # auth required pam_wheel.so deny group=nosu # Uncomment and edit /etc/security/time.conf if you need to set # time restrainst on su usage. # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs # as well as /etc/porttime) # account requisite pam_time.so # This module parses environment configuration file(s) # and also allows you to use an extended config # file /etc/security/pam_env.conf. # # parsing /etc/environment needs "readenv=1" session required pam_env.so readenv=1 # locale variables are also kept into /etc/default/locale in etch # reading this file *in addition to /etc/environment* does not hurt session required pam_env.so readenv=1 envfile=/etc/default/locale # Defines the MAIL environment variable # However, userdel also needs MAIL_DIR and MAIL_FILE variables # in /etc/login.defs to make sure that removing a user # also removes the user's mail spool file. # See comments in /etc/login.defs # # "nopen" stands to avoid reporting new mail when su'ing to another user session optional pam_mail.so nopen # Sets up user limits, please uncomment and read /etc/security/limits.conf # to enable this functionality. # (Replaces the use of /etc/limits in old login) # session required pam_limits.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and # /etc/shadow entries. @include common-auth @include common-account @include common-session **** /etc/pam.d/common-account ********* # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so ***** /etc/pam.d/common-auth ***** # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure ******* /etc/pam.d/common-password ***** # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 ***** /etc/pam.d/common-session # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
