pam-auth-update non interactive mode not reflecting changes

Question

I want to run pam-auth-update on a specific profile in non-interactive mode. This must be run from a script so I cant work with an interface to enable.

I have already tried the following:

• pam-auth-update --enable "my module"
• pam-auth-update --profile "my module"
• pam-auth-update --package "my module"
• Tried using --force On all.
• Tried using --tool config on all, but that brings up the interactive interface again.

The first 3 commands ran, but when I run pam-auth-update my package is still not * selected. So I can tell if its enabled or not. How can I fix this?

I already saw this post, it was not helpful: How to configure pam-auth-update in non interactive mode?

Answer 1

I figured it out. The problem was I needed to use the file name of the pam module. I tried using the file full path, and the name, never tried the actual file name. So the file I was changing was /usr/share/pam-configs/mkhomedir

The correct way to invoke a non-interactive file is to do the following:

1. Make sure the file has Session-Interactive-Only: yes removed
2. Make sure to add Default: yes added to the module.
3. enable with pam-auth-update --enable mkhomedir with just the file name.