Package: libpam-ldap Version: 184-8.5 Severity: critical Many files in in "/usr/share/doc/libpam-ldap/examples/pam.d/" have entries that refer to non existing "pam_unix_*.so" files.
The following files do not exist anymore on Squeeze, but they used to exist on Lenny: /lib/security/pam_unix_auth.so /lib/security/pam_unix_acct.so /lib/security/pam_unix_session.so The following files in "/usr/share/doc/libpam-ldap/examples/pam.d/" are affected: chfn chsh gdm linuxconf linuxconf-pair login passwd pop rexec rlogin rsh samba ssh su xdm The fix is to replace all occurrences of "pam_unix_*.so" with "pam_unix.so". This "bug" also exists in the upstream tarball, but since other platforms may still be using "pam_unix_*.so" files a patch against the debian soource package would be best I believe. I am trying to create a patch, but I am new to Debian patch creation so bear with me. :-) I am marking this as critical because if you are using these files to enable authentication against LDAP using pam, then after upgrading from Lenny to Squeeze or newer it will become impossible to log into your system after reboot except by booting into single user mode and logging in as root at the console. No other log in method seems to work. This can render your system unusable, or at least unmanagable because you can not log in remotely, neither on the console, except when booting into single user mode. Although the system does continue to work as before with regards to services that start automatically after reboot and do not require pam-ldap, such as apache2 and exim4. Since these examples pretty much used to work "out of the box" and likely were copied to "/etc/pam.d/" without much editing I suspect many systems that use this package could be affected. I believe all platforms are affected, but I tested it on amd64 systems when upgrading from Lenny to Squeeze. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
