pam_userdb.so is missing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Debian) |
Fix Released
|
Unknown
|
|||
pam (Ubuntu) |
Fix Released
|
High
|
Dan Bungert | ||
Noble |
Fix Released
|
High
|
Dan Bungert |
Bug Description
[ Impact ]
* In the process of bootstrapping pam for time_t, libdb-dev was
deliberately removed in salsa commit 65621d8 to allow libdb-dev to
undergo time_t transition.
* The result of that is no pam_userdb.so in libpam-modules
* The fix takes the form of correcting a build dependency, which
results in pam_userdb.so being again available.
[ Test Plan ]
* regression
* obtain a noble test system - I personally used a noble chroot
* adjust apt sources and ensure noble-proposed is present
* install libpam-modules 1.5.3-5ubuntu5.1
* login to the test machine with appropriate credentials - the
literal `login` command is useful here
* userdb functionality
* start with the same test machine from the regression test
* install db5.3-util
* modify /etc/pam.d/login to comment out all `auth` lines, and add
this instead
```
auth requisite pam_userdb.so db=/etc/dbtest
```
* create a textfile named `input` that looks like
```
your_username
test_password - different than /etc/shadow
```
* `db5.3_load -T -f input -t hash /etc/dbtest.db`
* login to the test machine with your_username and the
test_password - the literal `login` command is useful here
[ Where problems could occur ]
* As usual, no SRU has zero risk
* Any change to pam risks problems in user logins failing, so a
basic regression test has been provided
[ Development release status ]
Issue fixed in merge from Debian and subsequent 1.5.3-7ubuntu1 upload.
[ Other Info ]
* None at this time
original description follows
---
The file is missing from libpam-modules.
This breaks, for example, existing vsftp configs if it is configured to use pam_userdb.so
Log:
vsftpd: PAM unable to dlopen(
vsftpd: PAM adding faulty module: pam_userdb.so
Apparently there was a change which removed this in the past, and it might be the removal has not been undone, while the package has been released nevertheless.
http://
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
$ apt-cache policy libpam-modules
libpam-modules:
Installed: 1.5.3-5ubuntu5
Candidate: 1.5.3-5ubuntu5
Version table:
*** 1.5.3-5ubuntu5 500
500 http://
100 /var/lib/
description: | updated |
description: | updated |
Changed in pam (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Dan Bungert (dbungert) |
Changed in pam (Ubuntu): | |
status: | Triaged → In Progress |
Changed in pam (Debian): | |
status: | Unknown → Fix Released |
description: | updated |
Changed in pam (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in pam (Ubuntu Noble): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Dan Bungert (dbungert) |
tags: |
added: verification-done removed: verification-needed |
Hello Thomas-Thomas, or anyone else affected,
Accepted pam into noble-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ pam/1.5. 3-5ubuntu5. 1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification- needed- noble to verification- done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- noble. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.