control: severity -1 wishlist
control: tags -1 help
Philip> Package: libpam-runtime Version: 1.4.0-11ubuntu2.3 Severity:
Philip> important
Philip> Dear Maintainer,
Philip> We were trying to configure PAM authentication to use LDAP,
Philip> Radius, and local (pam_unix) authentication sources in that
Philip> order, so we ran "sudo pam-auth-update --enable ldap radius
Philip> unix". Alas it's written in the descending priority order
Philip> coming from the /usr/share/pam-configs/ files.
That's true, and it turns out there are also issues even within a single
profile about whether you want try_first_pass or use_first_pass and some
other local issues involving interactions between ldap and unix.
If you take a look at the bugs open against pam, you see a number of
related issues.
However, this is an enhancement request, not a bug.
pam-auth-update does not cover your use case, and it's going to be
nontrivial to get that working especially in the debconf interface.
I do not have time to work on that enhancement.
I would be happy to cooperate with someone on a design here and review
patches. I'd ask though that as part of that process, they examine the
existing bugs related to interactions between pam_ldap and pam_unix and
make sure that we will not have to revisit the design later to
incorporate the other related issues.