Bug#398436: openssh-server: dosen't install on ldap enabled box (usermod fails)
tags 398436 pending
thanks
On Mon, Nov 13, 2006 at 08:26:38PM +0100, Witold Baryluk wrote:
> I think here is a problem:
>
> /var/lib/dpkg/info/openssh-server.postinst : 292
>
> fix_sshd_shell() {
> if getent passwd sshd | grep -q ':/bin/false$'; then
> usermod -s /usr/sbin/nologin sshd
> fi
> }
[...]
> # ldd `which usermod` | grep pam
> # empty (usermod is using /etc/passwd directly!)
>
> Suggestion: Use chsh (which use PAM).
Look at the chsh source and you'll find that chsh only uses PAM for
authentication; it then goes on to modify /etc/passwd directly. In
general there's no reliable way to modify a remote user, so I've changed
openssh-server.postinst in my CVS repository to ignore errors from
usermod.
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: