[Touch-packages] [Bug 2087827] Re: Pam includes does not look in /usr/lib/pam.d

[Launchpad Bug Tracker]

This bug was fixed in the package pam - 1.5.3-7ubuntu5

---------------
pam (1.5.3-7ubuntu5) questing; urgency=medium

  * d/p/031_pam_include: fix loading from /usr/lib/pam.d (LP: #2087827)

 -- Simon Chopin <scho...@ubuntu.com>  Wed, 21 May 2025 16:03:01 +0200

** Changed in: pam (Ubuntu Questing)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2087827

Title:
  Pam includes does not look in /usr/lib/pam.d

Status in pam package in Ubuntu:
  Fix Released
Status in pam source package in Noble:
  New
Status in pam source package in Oracular:
  New
Status in pam source package in Plucky:
  New
Status in pam source package in Questing:
  Fix Released

Bug description:
  Hey!

  We're using libpam in the Ubuntu Core rootfs for the core24 snap
  (which is pam from Noble). We've run into a sitaution where we would
  like to move pam.d files into /usr/lib/pam.d instead of /etc/pam.d,
  and looking at man pages this should be supported. (I.e it always
  checks /etc/pam.d first, then /usr/lib/pam.d).

  However, there seems to be an issue (or misunderstanding) in terms of
  how `include`'s are loaded. For an installation that has all pam.d
  files in /usr/lib we get this error:

  ```
  [  556.375377] sshd[3553]: PAM _pam_load_conf_file: unable to open config for 
/etc/pam.d/common-auth
  [  556.377644] sshd[3553]: PAM error loading (null)
  [  556.379731] sshd[3553]: PAM _pam_init_handlers: error reading 
/usr/lib/pam.d/sshd
  [  556.382681] sshd[3553]: PAM _pam_init_handlers: [Critical error - 
immediate abort]
  [  556.384512] sshd[3553]: PAM error reading PAM configuration file
  [  556.386397] sshd[3553]: PAM pam_start: failed to initialize handlers
  [  556.389716] sshd[3553]: PAM pam_end: NULL pam handle passed
  [  556.393755] sshd[3553]: fatal: PAM: initialisation failed

  ```

  It seems to correctly read sshd from /usr/lib/pam.d/, however the
  includes it seems it insists on loading through /etc/pam.d. Looking at
  the code:
  
https://git.launchpad.net/ubuntu/+source/pam/tree/libpam/pam_handlers.c?h=applied/ubuntu/noble#n227
  it seems that it only checks /etc/pam.d, and not /usr/lib/pam.d. This
  seems to not be in line with the man pages?

  *note* this seem at first glance that there might be a bug in the
  patch `debian/patches/031_pam_include`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2087827/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp