Univention Bugzilla – Bug 49392
Cherry-Pick python3-pam from ubuntu
Last modified: 2021-05-25 16:00:09 CEST
We should cherry-pick python3-pam from ubuntu. It's not yet available in debian. We need this for univention-management-console. https://packages.ubuntu.com/xenial/python3-pam https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680148
(In reply to Florian Best from comment #0) > We should cherry-pick python3-pam from ubuntu. It's not yet available in > debian. Please do not pick source packages from arbitrary sources without contacting the Security team first! PS: The projects are named "Debian" and "Ubuntu" with a capital first letter.
Created attachment 10091 [details] patch These are the changes. They work and look good.
Please add to https://hutten.knut.univention.de/mediawiki/index.php/Security_Updates#Spezielle_Pakete when doing this.
We might also want to evaluate python-pampy https://packages.debian.org/source/buster/python-pampy from https://github.com/FirefighterBlu3/python-pam
Cherry-Picked from ubuntu xenial and added to the Special security packages wiki page. Package: python-pam Version: 0.4.2-13.2ubuntu2A~5.0.0.202006081810
Please pull from focal.
PyPAM is dead: - Debian never packaged anything newer than 0.4.2 - The Debian maintainer is MIA - There only have been two NMUs for Debian-8-Jessie and Debian-9-Stretch to keep the package minimally alive. It will be removed from Debian-11-Bullseye due to the missing Python3 binding anyway. - Gentoo had 0.5.0-rc4 but also flags it as unmaintained - CentOS-7 also has 0.5.0 - The upstream source <http://www.pangalactic.org/PyPAM> no longer exists. There only seems to be one use of python-pam, which is management/univention-management-console/debian/control: python-pam, Maybe switch to python-pampy ?
(In reply to Philipp Hahn from comment #7) > Maybe switch to python-pampy ? python-pampy only provides pam_authenticate, pam_setcred. We need additionally: pam_acct_mgmt, pam_chauthtok, pam_putenv. It also doesn't have the possibility to set an own conversation function. I could write a patch for python-pampy (ctypes), which adds every needed functionality, if wanted.
Created attachment 10404 [details] PAM.py I created a full featured PAM compatible library using ctypes.
(In reply to Philipp Hahn from comment #7) > PyPAM is dead: Russell Stuart - 2020-04-05 """ I'm just letting everybody know now the tests work, I've started intergrating all the changes for a new release. """ https://sourceforge.net/p/pam-python/tickets/5/
Re-imported from focal: Package: python-pam Version: 0.4.2-13.2ubuntu8A~5.0.0.202102251339 Branch: ucs_5.0-0
485f289611 | UCS-5 changelog
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".