libpam-sss.pam-auth-update needs to be split to properly support password changes

Bug #1086272 reported by Timo Aaltonen on 2012-12-04
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Undecided
Timo Aaltonen
Precise
Medium
Unassigned
Quantal
Medium
Unassigned

Bug Description

[Impact]
password changes don't currently work unless pam_cracklib is installed, or the use_authtok is dropped from the libpam-sss pam-auth-update file.

[Test case]
install sssd & libpam-sss on an LDAP client, then try to change the password of a networked user.

[Regression potential]
This bug has basically forced users to modify the (package owned) file on their own, but the new version should still work in all cases.

--

The priority of the libpam-sss pam-auth-update config file needs to be lower than for pam_unix, so that local users always work, despite the state of the sssd daemon. This causes a problem with the password stack, where pam_sss needs to be above pam_unix, so that if pam_cracklib is installed password changes still work. Otherwise it would be broken in one of the cases, depending on if use_authtok is set or not.

The fix for this is to split the password stack from pam_sss config separate from the rest, and use a higher priority there.

This is fixed in raring, needs an SRU to precise and quantal.

Timo Aaltonen (tjaalton) on 2012-12-04
description: updated
Changed in sssd (Ubuntu):
status: New → Fix Released
Changed in sssd (Ubuntu Precise):
importance: Undecided → Medium
status: New → In Progress
Changed in sssd (Ubuntu Quantal):
importance: Undecided → Medium
status: New → In Progress
Timo Aaltonen (tjaalton) on 2012-12-04
description: updated

Hello Timo, or anyone else affected,

Accepted sssd into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/sssd/1.8.6-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sssd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in sssd (Ubuntu Quantal):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Timo, or anyone else affected,

Accepted sssd into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/sssd/1.9.1-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Timo Aaltonen (tjaalton) wrote :

bah, would be nice to actually include the file in the package :/ will fix it up in a later upload

Changed in sssd (Ubuntu Precise):
status: Fix Committed → In Progress
Changed in sssd (Ubuntu Quantal):
status: Fix Committed → In Progress
tags: added: verification-failed
removed: verification-needed
Changed in sssd (Ubuntu):
assignee: nobody → Timo Aaltonen (tjaalton)
Timo Aaltonen (tjaalton) on 2013-02-05
Changed in sssd (Ubuntu):
status: Fix Released → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Timo, or anyone else affected,

Accepted sssd into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/sssd/1.8.6-0ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sssd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: removed: verification-failed
tags: added: verification-needed
Changed in sssd (Ubuntu Quantal):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Timo, or anyone else affected,

Accepted sssd into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/sssd/1.9.1-0ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.9.4-0ubuntu2

---------------
sssd (1.9.4-0ubuntu2) raring; urgency=low

  * Merge from unreleased debian git
    - Fix FTBFS on arm by raising test timeout to 30s
    - Introduces postinst/postrm to setup nsswitch.conf when installing
      libsss-sudo
 -- Stephane Graber <email address hidden> Sun, 10 Feb 2013 18:37:02 -0500

Changed in sssd (Ubuntu):
status: Fix Committed → Fix Released
Timo Aaltonen (tjaalton) on 2013-02-27
tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.9.1-0ubuntu1.3

---------------
sssd (1.9.1-0ubuntu1.3) quantal-proposed; urgency=low

  * rules: Really install the new pam-auth-update file for password
    changes. (LP: #1086272)
  * rules: Pass --datadir, so the path in autogenerated python files is
    correctly substituted. (LP: #1079938)
 -- Timo Aaltonen <email address hidden> Wed, 06 Feb 2013 01:13:23 +0200

Changed in sssd (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.8.6-0ubuntu0.2

---------------
sssd (1.8.6-0ubuntu0.2) precise-proposed; urgency=low

  * rules: Really install the new pam-auth-update file for password
    changes. (LP: #1086272)
  * rules: Pass --datadir, so the path in autogenerated python files is
    correctly substituted. (LP: #1079938)
 -- Timo Aaltonen <email address hidden> Wed, 06 Feb 2013 01:07:09 +0200

Changed in sssd (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers