Ubuntu
pam package

UVFe: PAM 0.99

Bug #138047 reported by Kees Cook
8
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Fix Released
Undecided
Kees Cook

Bug Description

I've got PAM 0.99 merged, and I'd like to get it into Gutsy.

Merge is here[1], including the debdiffs between Debian for the old[2] and the new[3] versions. The Debian changelog[4] is extensive, but is probably worth us getting it into Gutsy to get as much shake-down time as we can.

It would fix at least these bugs: 43169 14505 80431

By dropping the ~/.pam_environment patch, it would fix: 113586

Changes to the ulimit defaults would more closely match those of other distros.

From initial testing (default desktop install, my insano weird desktop, and server ldap), it seems to be working without problems.

[1] http://people.ubuntu.com/~kees/gutsy/
[2] http://people.ubuntu.com/~kees/gutsy/pam_0.79-4ubuntu2.ubuntu.diff
[3] http://people.ubuntu.com/~kees/gutsy/pam_0.99.7.1-4ubuntu1.ubuntu.diff
[4] http://packages.debian.org/changelogs/pool/main/p/pam/current/changelog

Revision history for this message
Jonathan Riddell (jr) wrote :

This seems like a good idea but I think it deserves more testing than you describe, could you put .debs somewhere (or build in a PPA) and ask ubuntu-server people to test it?

Revision history for this message
Kees Cook (kees) wrote :

Agreed; I have uploaded to PPA: https://launchpad.net/~keescook/+archive

Also, for reference, some discussion on ubuntu-devel:
https://lists.ubuntu.com/archives/ubuntu-devel/2007-September/024213.html

Revision history for this message
Soren Hansen (soren) wrote :

it works like a charm for me on my server with both opie and otpw, which I guess is fairly exotic. :)

Revision history for this message
Martin Pitt (pitti) wrote :

I tested the following things on current gutsy amd64 with the PPA packages:

 * Upgrade
 * libpam-foreground functionality
 * cups web UI (uses PAM)
 * passwd changing
 * passwd locking and unlocking
 * chfn

Those were successful.

I also highly appreciate the fixing of the default ulimits. However, there seems to be a hitch (maybe amd64 specific?):

$ ulimit -i -u
pending signals (-i) 24575
max user processes (-u) 24575

Isn't this supposed to be 2048?

Revision history for this message
Kees Cook (kees) wrote : Re: [Bug 138047] Re: UVFe: PAM 0.99

That is very weird. Yeah, I see the same on my amd64 too. I will
investigate.

Revision history for this message
Kees Cook (kees) wrote :

This value is based on available system memory and is expected to change: http://tinyurl.com/24jq6l

Kees Cook (kees)
Changed in pam:
assignee: nobody → keescook
status: New → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Ah, I see. Then it does seem to work fine, although I question the sensibility of determining nproc from RAM.

Revision history for this message
Kees Cook (kees) wrote :

I actually think it is more correct that a static fixed value (and significantly more correct than "unlimited").

Regardless, it sounds like this has gotten a fair bit of testing now; shall I upload it to the main repository, or should we wait a while longer? Maybe I should ask "What are next steps?"

Revision history for this message
Martin Pitt (pitti) wrote :

I agree. Please go ahead and upload.

Revision history for this message
Kees Cook (kees) wrote :

Uploaded, thanks!

Changed in pam:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.