pam-watchid icon indicating copy to clipboard operation
pam-watchid copied to clipboard

Published 20 hours ago verified publisher icon biscuitehh

Change to pam.d config file overwritten everytime macOS is updated

Open tthoma24 opened this issue 4 years ago • 8 comments

Everytime I updated macOS, the line I added to /etc/pam.d/sudo to enable pam_watchid gets removed.

tthoma24 avatar Mar 30 '20 01:03 tthoma24

i guess we have to add it back in every time?

pesqair avatar Jun 06 '20 01:06 pesqair

https://gist.github.com/jspiro/0c9f15b0806aca17b092ef26713adcfe

I run this after updates to re-add TouchID support. I stopped bothering with the watchid support since I got a new computer. You could update the file to support watchid.

jspiro avatar Jun 06 '20 02:06 jspiro

This doesn't explain why the file is overwritten every time the OS is updated. /etc isn't a protected directory, and I can't see any special attributes set on the folder that indicate anything special about it.

tthoma24 avatar Jul 04 '20 17:07 tthoma24

I opened a case with Apple Support, and Engineering and DevSupport are going to get back to me on this

tthoma24 avatar Jul 04 '20 19:07 tthoma24

Hear anything back?

sdondley avatar Aug 24 '20 02:08 sdondley

Not just this. Any changes to the ulimit and ssh configuration also got reset after each update.

This is a "feature" of macos! 😔️

rockkoca avatar Sep 25 '20 03:09 rockkoca

https://developer.apple.com/forums/thread/14637?answerId=44637022#44637022 Previous reports are that blowing away local pam changes is considered a feature.

obra avatar Mar 07 '22 22:03 obra

Any changes to the ulimit and ssh configuration also got reset after each update.

That's such an awful feature, since it re-enables SSH password authentication on my home server on every update 😠

henrik242 avatar Sep 01 '23 11:09 henrik242