Comment 27 for bug 369575

"Daniel Richard G." <email address hidden> writes:

> Yeah, where pam-auth-update asks you "Override local changes to
> /etc/pam.d/common-*?" I see the man page says something about preserving
> module options, but if I add an option to (say) common-auth, and re-run
> p-a-u, the option is silently blown away.

Er, how is it silent when pam-auth-update asks you a question?

I hesitate to tell you how to do system administration for your site, but
at Stanford we just figure out what common-* PAM configuration files we
want for all of our systems and then install them everywhere using the
same configuration management system we use for krb5.conf. That seems to
me like the best way to do things at scale. The target audience of the
automated configuration is, in my view, more the individual user
installing Debian or Ubuntu on a single system, or the system
administrator who wants to use the automated configuration tool to create
something to start from and then customize for the site.

We can certainly try to make it work more smoothly for you, but it does
feel like you're creating extra work for yourself in a few places.

--
Russ Allbery (<email address hidden>) <http://www.eyrie.org/~eagle/>