ecryptfs should use pam-auth-update rather than auth-client-config

Bug #259915 reported by Dustin Kirkland 
4
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Fix Released
High
Dustin Kirkland 

Bug Description

Binary package hint: ecryptfs-utils

See:
 * https://wiki.ubuntu.com/PAMConfigFrameworkSpec

We need to add pam_ecryptfs into the pam stack on installation.

Let's use Steve's new utility to do this.

:-Dustin

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Patch attached. It seems to do the right thing in all cases that I have tested.

I'm hoping Steve Langasek will review/sponsor this upload, as it contains the code needed to use his new pam-auth-update utility.

Please carefully review the debian/ecryptfs-utils.post[inst|rm] scripts, as I think those are the main place where a tweak might be needed.

:-Dustin

Changed in ecryptfs-utils:
assignee: nobody → kirkland
importance: Undecided → High
milestone: none → intrepid-alpha-5
status: New → In Progress
Revision history for this message
Steve Langasek (vorlon) wrote :

As mentioned in my follow-up to bug #260122, the postrm is the wrong place to call pam-auth-update for removal.

Please instead call it in the prerm instead, using semantics equivalent to the following:

if [ "$1" = remove ]; then
    pam-auth-update --package --remove ecryptfs-utils
fi

Implementing --remove is on my todo list for today; and it won't hurt anything to call pam-auth-update with unknown arguments in the meantime. But I can understand that you might want to test this before upload :-), so should I let you know once pam -3ubuntu3 is available?

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Updated patch attached, based on IRC suggestions from slangasek, and kvm testing by kirkland.

:-Dustin

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 53-1ubuntu6

---------------
ecryptfs-utils (53-1ubuntu6) intrepid; urgency=low

  * Fixes (LP: #259915).
  * debian/control: drop suggests of auth-client-config, add depends on
    libpam-runtime.
  * debian/ecryptfs-utils.postinst: initial creation, use pam-auth-update,
    be sure to 'force' if pam stack was precisely written by
    auth-client-config.
  * debian/ecryptfs-utils.prerm: remove pam-auth-update config on uninstall
  * debian/ecryptfs-utils.pam-auth-update: initial creation of pam-auth-update
    configuration.
  * debian/ecryptfs.acc: drop auth-client-config profile.
  * debian/rules, debian/ecryptfs-utils.install, debian/ecryptfs-utils.dirs:
    remove auth-client-config installation, add pam-auth-update.

 -- Dustin Kirkland <email address hidden> Fri, 22 Aug 2008 01:22:48 +0100

Changed in ecryptfs-utils:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.