[arch-general] pambase update now requires explicit service files in /etc/pam.d/ - dovecot affected

Ralph Corderoy ralph at inputplus.co.uk
Mon Feb 11 16:32:24 UTC 2019


Hi Amish,

> David C. Rankin wrote:
> > if you have services that rely on pam authentication, such as
> > dovecot, etc.., you will find that your applications an no longer
> > authenticate using pam until you install a specific pam service in
> > /etc/pam.d for that application,
>
> Although this change is probably not going to affect me but may be
> this should have been done in two releases.

It affected me and caused data loss.  atd(8) couldn't run its jobs,
bailed out with the job renamed to start `=', and then cleaned those up
when it was re-started.  No output from them was gathered.  The jobs are
often one-offs, hand-written as input to at(1), perhaps weeks or months
ago.  What they intended to do has been lost.

https://bugs.archlinux.org/task/61700 is the bug on package at needing
an /etc/pam.d entry.

https://bbs.archlinux.org/viewtopic.php?pid=1831377 is a recent thread
on this pambase change causing problems.  Apparently, I hijacked it so
it's now closed.  But I'm pleased I did because others that arrive there
from Google, like I did, will now have the trail I laid to follow.

I also ask there if a check should be in place on all packages that
depend on pam to see if they provide /etc/pam.d/foo.  If there's not too
many exceptions then it may mop up the outstanding ones, and spot future
new violations.

    pactree -ld1 -r pam |
    sed 1d |
    xargs -rtn1 pkgfile -l |&
    egrep $'\t''/etc/pam\.d/.|^pkgfile'

-- 
Cheers, Ralph.


More information about the arch-general mailing list