Okay, so running the noble dep8 tests against the plain pre-sru package
also fails:
788s autopkgtest [03:29:53]: @@@@@@@@@@@@@@@@@@@@ summary
788s ldap-user-group-ldap-auth PASS
788s ldap-user-group-krb5-auth PASS
788s sssd-softhism2-certificates-tests.sh PASS
788s sssd-smart-card-pam-auth-configs FAIL non-zero exit status 2
788s qemu-system-x86_64: terminating on signal 15 from pid 12145
(/usr/bin/python3)
The failure is the same.
622s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required
623s + for alternative in "${alternative_pam_configs[@]}"
623s + pam-auth-update --enable sss-smart-card-optional
623s + cat /etc/pam.d/common-auth
623s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate
623s + echo -n -e 123456
623s #
623s # /etc/pam.d/common-auth - authentication settings common to all services
623s #
623s # This file is included from other service-specific PAM config files,
623s # and should contain a list of the authentication modules that define
623s # the central authentication scheme for use on the system
623s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
623s # traditional Unix authentication mechanisms.
623s #
623s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
623s # To take advantage of this, it is recommended that you configure any
623s # local modules either before or after the default block, and use
623s # pam-auth-update to manage selection of other modules. See
623s # pam-auth-update(8) for details.
623s
623s # here are the per-package modules (the "Primary" block)
623s auth [success=2 default=ignore] pam_unix.so nullok
623s auth [success=1 default=ignore] pam_sss.so use_first_pass
623s # here's the fallback if no module succeeds
623s auth requisite pam_deny.so
623s # prime the stack with a positive return value if there isn't one already;
623s # this avoids us returning an error just because nothing sets a success
code
623s # since the modules above will each just jump around
623s auth required pam_permit.so
623s # and here are more per-package modules (the "Additional" block)
623s auth optional pam_cap.so
623s # end of pam-auth-update config
623s pamtester: invoking pam_start(login, ubuntu, ...)
623s pamtester: performing operation - authenticate
626s Password: pamtester: Authentication failure
626s + return 2
626s + handle_exit
626s + exit_code=2
Thus, the patch is not causing the testfailure, as it failed before the
SRU.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2081129
Title:
libpam-sss: require_cert_auth is not absolute, will fall back to
password auth on smartcard removal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2081129/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
