bug with pam-auth-update ?
No luck with the french debian list, so I try here
We have some servers running Debian Jessie 8.4 amd64
We update them via a cron script and as you see it, pam-auth-update
freeze our cron update
'ps -efH' extract
root 22723 21862 3 avril03 ? 01:08:58 apt-get
-y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold
dist-upgrade
root 38647 22723 0 avril03 pts/2 00:00:00
/usr/bin/dpkg --force-confdef --force-confold --status-fd 32 --configure
libc-dev-bin:amd64 linux-libc-dev:amd64 libc6-dev:amd64
initramfs-tools:all linux-image-3.16.0-4-amd64:amd64
libpam-systemd:amd64 libpcrecpp0:amd64 libpcre3-dev:amd64
libapt-inst1.5:amd64 libcairo2:amd64 libglib2.0-0:amd64
libcairo-gobject2:amd64 libcairo-script-interpreter2:amd64
libglib2.0-bin:amd64 libglib2.0-dev:amd64 libcairo2-dev:amd64
libgif4:amd64 librsvg2-2:amd64 librsvg2-common:amd64
libgtk2.0-common:all libgtk2.0-0:amd64 gir1.2-gtk-2.0:amd64
libgtk2.0-dev:amd64 libgtk2.0-bin:amd64 libgudev-1.0-0:amd64
libnettle4:amd64 libhogweed2:amd64 libsndfile1:amd64 libsvn1:amd64
subversion:amd64 nslcd:amd64 libnss-ldapd:amd64 libpam-ldapd:amd64
apt-utils:amd64 locales:all libruby:all libsane-common:all
linux-compiler-gcc-4.8-x86:amd64 linux-headers-3.16.0-4-common:amd64
linux-headers-3.16.0-4-amd64:amd64 linux-source-3.16:all ruby:all
nslcd-utils:all
root 42111 38647 0 avril03 pts/2 00:00:00
/bin/sh /var/lib/dpkg/info/libpam-systemd:amd64.postinst configure
215-17+deb8u3
root 42112 42111 0 avril03 pts/2 00:00:00
/usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/pam-auth-update
--package
root 42122 42112 0 avril03 pts/2 00:00:00
/usr/bin/perl -w /usr/sbin/pam-auth-update --package
What happen here, as the copy/paste above is a bit messy, is a perl
script calling :
/usr/sbin/pam-auth-update --package
freezing our update if we don't manually answer.
But man pam-auth-update says :
"Selection of profiles is done using the standard debconf interface.
The profile selection question will be asked at `medium' priority when
packages are added or removed, so no user interaction is required by
default. Users may invoke pam-auth-update directly to change their
authentication configuration.
OPTIONS
--package
Indicate that the caller is a package maintainer script;
lowers the priority of debconf questions to `medium' so that the user is
not prompted by default."
It don't seems to work the intended way. We use custom etc/pam.d/*
files, with a different umask in mkhomedir, pam_access and pam_ldap,
nothing to special here.
Is this a pam-auth-update, debconf or systemd bug ?
Is our apt-get script with Dpkg options wrong ?
If you have already faced this kind of problems, I would be happy to
heard about it.
In case this would not be the normal operation of pam-auth-update,
I would open a bug on the subject.
thanks
--
Jean Louis Mas
Reply to: