pam_group is not idempotent
Bug #624715 reported by
jwm
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
If pam_group appears twice in various pam.d files (eg added to common-auth and still present in login), it will add the user to those groups a second time.
Actually, the extent of the problem is worse than that — if the user is already a member of a group, they're still added a second time, indicating that no checking is done at all!
This is definitely a pain when using NFSv3, as it has a limit of 16 supplementary groups.
To post a comment you must log in.
This is one of the many problems with the pam_group module that contribute to it not being recommended as a means of providing conditional access on login: it has been all but superseded by pam_consolekit for the standard use cases. So while I'm confirming this bug report, please understand that it is unlikely that the Ubuntu developers will work on fixing it.