This does appear to be "working as designed" on jammy. Tested with the profiles in the original report and as noted in comment 2, whilst pam-auth-update --remove will transiently disable the profiles in the PAM configuration, any subsequent run of pam-auth-update will re- enable them because there is no facility for disabling them (until noble, which introduces the --disable flag), short of editing the profile's Default setting.
Given this is "working as designed", I'm setting this to invalid status. A case might be made to backport the "--disable" functionality from noble, but new functionality in stable releases has a high bar to pass SRU policy (https://canonical-sru-docs.readthedocs- hosted.com/en/latest/reference/requirements/#requirements). ** Changed in: pam (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/2089712 Title: pam-auth-update --remove doesn't work properly Status in pam package in Ubuntu: Invalid Bug description: Issue: If use `pam-auth-update --remove profile` to remove a profile, it has no effect: the /etc/pam.d/common-auth doesn't change at all. OS: jammy libpam-runtime: 1.4.0-11ubuntu2.4 The profile I use ``` cat << EOF > /usr/share/pam-configs/faillock Name: Enable pam_faillock to deny access Default: yes Priority: 0 Auth-Type: Primary Auth: [default=die] pam_faillock.so authfail EOF cat << EOF > /usr/share/pam-configs/faillock_notify Name: Notify of failed login attempts and reset count upon success Default: yes Priority: 1024 Auth-Type: Primary Auth: requisite pam_faillock.so preauth Account-Type: Primary Account: required pam_faillock.so EOF ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2089712/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
