You provide things like pam_krb5. The natural place to use these is in modifications to /etc/pam.d/system-auth. However this is overwritten when pam is updated and it seems to have happened a lot lately. I know it tells you as it does it, but it is impractical to watch every emerge [better handling of that is another problem for portage-ng I guess]. For the moment I'd just like to have /etc/pam.d/system-auth handled by etc-update. Please. Or provide an option to do that. Thanks, Bob. Reproducible: Always Steps to Reproduce: 1. emerge pam 2. 3. Actual Results: /etc/pam.d/system-auth zapped Expected Results: used etc-update system
1) system-auth is not even installed with pam. 2) The only way this could happen, is if you updated shadow, but then it backups the old to /etc/pam.d/system-auth.bak (and give a message)
OK I'm dumb. But I insist: shadow shouldn't do this. It should use the etc-update method somehow.
It does usually. The force was due to security issue. I reverted it, as sufficient time should have passed. If this is fine by you, please close this bug.
Resolving as requested. There is still an issue in general about how gentoo handles an upgrade that requires action by the system manager. My suggestion is that the upgrade should fail initially until the user does something (e.g. creates a particular file) that indicates that he knows he needs to do something after the upgrade. In this case the file could be /etc/pam.d/system-auth.new.id-number and the installation should use that to replace the old system-auth. Bob