FW: libpam-ldap upgrade breaks pam_ldap.conf and can't login
Package: libpam-ldap
Version: 180-1.5
I've sent the following email and did not receive a response from the
libpam-ldap maintainer. I've upgraded another sarge box since and confirmed
the bug still exists. This is a serious problem for upgrades from sarge, or
any package update, so please fix it before release.
-----Original Message-----
From: Jamie ffolliott [mailto:jamieff@inline.net]
Sent: Saturday, January 20, 2007 5:59 PM
To: 'submit@bugs.debian.org'
Subject: libpam-ldap upgrade breaks pam_ldap.conf and can't login
Package: libpam-ldap
Version: 180-1.4
After an apt-get upgrade, the libpam-ldap package updated, and in doing so
it rewrote parts of the /etc/pam_ldap.conf file as follows:
- rewrote host, base, ldap_version, pam_password
- commented out the "uri" setting, which is an alternative setting to "host"
that supports ldap over ssl.
Since I don't use unencrypted logins to my ldap server, and I'm not sure who
would do such a thing, I cannot use the host setting. The latter step that
comments out "uri" in fact breaks authentication to this machine.
I've tried dpkg-reconfigure libpam-ldap and there's no option to preserve my
URI setting, which must be set to "ldaps://ldap.mydomain.com" for logins to
succeed.
Even if I leave "host" blank, it will still disable the "uri" setting - and
this is the heart of the issue, I can't avoid breaking the existing
libpam-ldap config.
Luckily I have ssh's pub key authentication set up, so I can get in to fix,
but without that this debian client would be rendered useless upon upgrade
from sarge to etch.
Please consider this critical, I don't want all my servers to be rendered
inaccessible after upgrading to etch which I hope to do upon release. It
locks out access to the box completely.
Thx!
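
A post-upgrade check for the failure described in this report, added here as an example; it is not part of the original email or of the libpam-ldap package. The function name, return codes and sample file contents (including ldap.example.com and the host value) are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that pam_ldap.conf still has an active ldaps://
# "uri" directive after a package upgrade or dpkg-reconfigure.
# Usage (assumed path from the report): check_pam_ldap_uri /etc/pam_ldap.conf

# check_pam_ldap_uri FILE  (return codes are this example's own convention)
#   0 = active "uri" present and every listed URI is ldaps://
#   1 = no active "uri" (missing, empty, or only present commented out)
#   2 = an active "uri" lists something other than ldaps://
#   3 = file unreadable
check_pam_ldap_uri() {
    [ -r "$1" ] || return 3
    awk '
        # An active directive has the keyword as its first field, so
        # "#uri ..." and "# uri ..." (commented out) do not match.
        tolower($1) == "uri" && NF >= 2 {
            active = 1
            for (i = 2; i <= NF; i++)
                if (tolower($i) !~ /^ldaps:\/\//) plain = 1
        }
        END {
            if (!active) exit 1
            if (plain) exit 2
            exit 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real system): the state
# before the upgrade and the state the report describes afterwards.
write_samples() {
    printf '%s\n' 'base dc=example,dc=com' \
        'uri ldaps://ldap.example.com' \
        'ldap_version 3' > "$1/before.conf"
    printf '%s\n' 'host 127.0.0.1' 'base dc=example,dc=com' \
        '#uri ldaps://ldap.example.com' \
        'ldap_version 3' > "$1/after.conf"
}
```

Running the check from an already-open root session right after the upgrade, before logging out, shows whether LDAP logins will still work while there is still a way in to fix the file.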