Public bug reported:
# Ask pam-auth-update disable SSS authentication profile
$ sudo pam-auth-update --remove sss
# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional
pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore]
pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient
pam_sss.so use_authtok
# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
shows [*] SSS authentication
<omit>
# Ask pam-auth-update to do something
$ sudo pam-auth-update --add --winbind --enable mkhomedir
# SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional
pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore]
pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient
pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so
use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient
pam_sss.so use_authtok
/etc/pam.d/common-session:session optional
pam_sss.so
# Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update
/usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM
library
<omit>
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
# Ask pam-auth-update disable SSS authentication profile
$ sudo pam-auth-update --remove sss
# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional
pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore]
pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient
pam_sss.so use_authtok
# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
shows [*] SSS authentication
<omit>
# Ask pam-auth-update to do something
$ sudo pam-auth-update --add --winbind --enable mkhomedir
# SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional
pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore]
pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient
pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok
user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so
use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient
pam_sss.so use_authtok
/etc/pam.d/common-session:session optional
pam_sss.so
- #
+ # Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update
/usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM
library
<omit>
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2101949
Title:
pam-auth-update --remove sss does not work
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2101949/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
