pam-auth-update --remove sss does not work

# Ask pam-auth-update to disable SSS authentication profile
$ sudo pam-auth-update --remove sss

# SSSD is removed from PAM
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok

# As pam-auth-update viewpoint, SSS authentication profile still enable
$ sudo pam-auth-update
<omit>
[*] SSS authentication
<omit>

# After pam-auth-update executed, SSSD is back to PAM even no one ask for it,
$ grep -R sss /etc/pam.d/
/etc/pam.d/common-account:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-session.pam-old:session optional pam_sss.so
/etc/pam.d/common-auth.pam-old:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-account.pam-old:account [default=bad success=ok user_unknown=ignore] pam_sss.so
/etc/pam.d/common-auth:auth [success=1 default=ignore] pam_sss.so use_first_pass
/etc/pam.d/common-password.pam-old:password sufficient pam_sss.so use_authtok
/etc/pam.d/common-session:session optional pam_sss.so

# Version
$ whereis pam-auth-update
pam-auth-update: /usr/sbin/pam-auth-update /usr/share/man/man8/pam-auth-update.8.gz
$ dpkg -S /usr/sbin/pam-auth-update
libpam-runtime: /usr/sbin/pam-auth-update
$ dpkg -l libpam-runtime
<omit>
||/ Name Version Architecture Description
+++-==============-=================-============-===================================
ii libpam-runtime 1.4.0-11ubuntu2.5 all Runtime support for the PAM library
<omit>