FS#31964 - [pam] Invisible PAM password prompt

Attached to Project: Arch Linux
Opened by Amos Onn (amos) - Monday, 15 October 2012, 03:03 GMT
Last edited by Dave Reisner (falconindy) - Monday, 15 October 2012, 18:28 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Tobias Powalowski (tpowa)
Dave Reisner (falconindy)
Architecture All
Severity Low
Priority Normal
Reported Version 4.0.3
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary and Info:
When package installation requires PAM utils s.a. chage, and PAM prompts for root password, the "Password:" prompt is displayed only *after* password is typed and enter is pressed.

Additional info:
* pam-1.1.5-4
* pam configured to require password on such actions (/etc/pam.d/other)


Steps to reproduce:
Set /etc/pam.d/other to be:

#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

Then install a package requiring user manipulation, e.g. filesystem-2012.10-1.
This task depends upon

Closed by  Dave Reisner (falconindy)
Monday, 15 October 2012, 18:28 GMT
Reason for closing:  Not a bug
Comment by Tobias Powalowski (tpowa) - Monday, 15 October 2012, 06:35 GMT
Status on 1.1.6-1?
Comment by Amos Onn (amos) - Monday, 15 October 2012, 10:26 GMT
Same issue. I think pacman somehow writes pam's stdout to its own, but doesn't flush until the users presses Enter.
Comment by Dave Reisner (falconindy) - Monday, 15 October 2012, 10:58 GMT
Why is pacman involved in this? Why would root require a password prompt for running chage? install scripts are non-interactive, by design.
Comment by Tobias Powalowski (tpowa) - Monday, 15 October 2012, 12:40 GMT
So won't fix?
Comment by Dave Reisner (falconindy) - Monday, 15 October 2012, 12:46 GMT
It'd be nice to understand what's happening, but I don't think there's anything to fix here.
Comment by Amos Onn (amos) - Monday, 15 October 2012, 13:08 GMT
Per default pambase configuration, /etc/pam.d/other requires password prompt for all actions, and it seems shadow utils s.a. chage have no other pam configuration. Either shadow needs its own pam.d conf file, or pam.d/other needs to have a "sufficient rootok" line.
Comment by Dave Reisner (falconindy) - Monday, 15 October 2012, 13:20 GMT
Actually, chage has its own pam.d file:

$ pacman -Qo /etc/pam.d/chage
/etc/pam.d/chage is owned by shadow 4.1.5.1-1

$ cat /etc/pam.d/chage
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so

pambase isn't involved here.
Comment by Amos Onn (amos) - Monday, 15 October 2012, 18:13 GMT
Aha. My shadow was broken, apparently. Re-install indeed solved it. Sorry for the interruption!

Loading...