Since upgrading to F40, chpasswd stop using pam. I have trace that down to change related to https://bugzilla.redhat.com/show_bug.cgi?id=2233275. Where following PR was done https://src.fedoraproject.org/fork/ipedrosa/rpms/shadow-utils/c/91360f25a8c8b810d59bec2803a2477a2647c775. Patch shadow-4.14.0-account-tools-setuid.patch effectively deactivating PAM support if ACCT_TOOLS_SETUID is not set. In spec file, configuration is set not to use it (--disable-account-tools-setuid). Is it possible to re-enable PAM support for shadow-utils tools? When patch is dropped, my system started to use PAM subsystem. Reproducible: Always Steps to Reproduce: 1.useradd test 2.echo "test:test" | strace chpasswd &> strace_test.log 3.grep "pam\.d" strace_test.log Actual Results: No indication that /etc/pam.d configuration would be read. Expected Results: PAM configuration files should be read. Grep output should show, syscall to open pam configuration. newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/chpasswd", O_RDONLY) = 3 openat(AT_FDCWD, "/etc/pam.d/other", O_RDONLY) = 3
You are right. I'll remove that part of the patch.
This seems to have broken `chpasswd -R`. See https://bodhi.fedoraproject.org/updates/FEDORA-2024-8394646791#comment-3542306
That is, the attempt to turn pam support on again broke it, not the initial removal of pam support.
Petr prior to fedora 40 shadow was packaged without libpam support, meaning that in fedora 39 and previous versions chpasswd didn't use PAM. So, in reality chpasswd didn't stop using PAM, and the problem was there even before fedora 40 was released. Are you sure that it stopped using PAM? If so, can you explain how you made it work that way?
Unfortunately you are right. I notice problem in system which was previously patched with shadow-utils where libpam support was enabled. But I didn't notice that during my testing. My intention was to inform you about missing pam support, as I was able to getting working by myself. And turn outs that it was just waste of time for you, to check something what wasn't working previously. I'm sorry for that, please apologize me. Ticket can be closed.
No, that's fine, but the priority changes a bit. I'm keeping it open since chpasswd should use PAM, but this isn't a regression so it's not such a priority.
This got into rawhide via the mass rebuild. ;( We untagged it, but it already went in a compose. So, I have pushed a revert back... hopefully thats all ok. ;)
This message is a reminder that Fedora Linux 40 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 40 on 2025-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '40'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 40 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.