[ Impact ]
* In a highly unlikely non-default configuration, pam_motd may be configured to influence PAM's authentication, and reporting PAM_SUCCESS may let users into the system.
* The fix is returning only PAM_IGNORE and error values.
[ Test Case ]
* Configure PAM to deny access when pam_motd returns PAM_SUCCESS:
$ cat /etc/pam.d/login
...
session [success=die ignore=ignore] pam_motd.so motd=/run/motd.dynamic
...
* Try to log in:
# login ubuntu
* Observe that you can log in, because pam_motd does not return PAM_SUCCESS
[Regression Potential]
* Minimal: this is a fix partially reverting the behaviour change that was found undesired in LP: #1855092. The return value of pam_motd is ignored in real-world configurations, thus it does not matter.
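To check whether a given PAM configuration is one where pam_motd's return value matters, the following added example (not part of the original bug report or of pam_motd) resolves the control field of each pam_motd line and reports entries where PAM_SUCCESS maps to `bad` or `die`, as in the test case's `[success=die ignore=ignore]`. The function names and the sample configuration are constructed for illustration; the keyword expansions are those documented in pam.conf(5).

```python
import re

# Documented expansions of the simple control keywords (pam.conf(5)).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# type, control (keyword or [value=action ...]), module path, arguments
LINE = re.compile(r"^\s*(-?\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)(.*)$")

def parse_control(control):
    """Return the {return_value: action} map for a control field."""
    if control.startswith("["):
        return dict(pair.split("=", 1) for pair in control.strip("[]").split())
    return dict(KEYWORDS.get(control, {}))

def action_for(control, retval):
    """Action applied when the module returns `retval` (e.g. 'success').
    Returns None when neither the value nor 'default' is listed."""
    actions = parse_control(control)
    return actions.get(retval, actions.get("default"))

def motd_lines_gating_on_success(config_text):
    """Return [(lineno, line)] for pam_motd entries where PAM_SUCCESS
    would fail the stack (action 'bad' or 'die')."""
    hits = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m or "pam_motd" not in m.group(3):
            continue
        if action_for(m.group(2), "success") in ("bad", "die"):
            hits.append((n, raw.strip()))
    return hits

# Constructed sample: a typical optional entry, then the test-case entry.
SAMPLE = """\
# constructed sample
session    optional   pam_motd.so noupdate
session [success=die ignore=ignore] pam_motd.so motd=/run/motd.dynamic
"""

if __name__ == "__main__":
    for lineno, line in motd_lines_gating_on_success(SAMPLE):
        print(f"line {lineno}: PAM_SUCCESS from pam_motd fails the stack: {line}")
```

Pass the contents of each file under /etc/pam.d to `motd_lines_gating_on_success`; an empty result means no pam_motd entry there denies access on PAM_SUCCESS.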