Same services restarted for pam library upgrade and libc upgrade

I add a task for pam itself, the debconf handling is outside of update-managers control, but maybe Steve has a good idea how to improve the experience for this.

The prompt happens when libpam0g is configured; that's the only point at which we have reliable information about the services present that need to be restarted. If we check at any earlier point (such as with dpkg-preconfigure before libpam is on the system), we can't be sure that our list is complete since other service-providing packages may have been unpacked onto the system in the meantime as part of the upgrade.

I received the same complaint in Debian about lenny->squeeze upgrades; I really don't see any way to improve this without sacrificing robustness, unless we work on fixing the underlying services to not *need* a restart for libpam upgrades.

Then perhaps starting on that work is worth a spec for the oneiric cycle to get started. These service restarts are disruptive and should go away. If fixing the services is the right answer, the sooner it's started, the sooner it's done.

https://blueprints.launchpad.net/ubuntu/+spec/other-foundations-o-pam-restarts has been started to track the feature work associated with resolving this issue.

Fixed the name based on oneiric naming conventions: https://blueprints.launchpad.net/ubuntu/+spec/foundations-o-pam-restarts

This bug was fixed in the package pam - 1.1.3-6ubuntu1

---------------
pam (1.1.3-6ubuntu1) precise; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
      not present there or in /etc/security/pam_env.conf. (should send to
      Debian).
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running.
    - debian/libpam0g.postinst: check if gdm is actually running before
      trying to reload it.
    - debian/libpam0g.postinst: the init script for 'samba' is now named
      'smbd' in Ubuntu, so fix the restart handling.
    - Change Vcs-Bzr to point at the Ubuntu branch.
    - debian/patches-applied/series: Ubuntu patches are as below ...
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits.
    - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
      Deprecate pam_unix' explicit "usergroups" option and instead read it
      from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
      there. This restores compatibility with the pre-PAM behaviour of login.
    - debian/patches-applied/pam_motd-legal-notice: display the contents of
      /etc/legal once, then set a flag in the user's homedir to prevent
      showing it again.
    - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
      for update-motd, with some best practices and notes of explanation.
    - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
      to update-motd(5)
    - debian/local/common-session{,-noninteractive}: Enable pam_umask by
      default, now that the umask setting is gone from /etc/profile.
    - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  * Dropped changes, included in Debian:
    - debian/patches-applied/update-motd: set a sane umask before calling
      run-parts, and restore the old mask afterwards, so /run/motd gets
      consistent permissions.
    - debian/patches-applied/update-motd: new module option for pam_motd,
      'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
    - debian/libpam0g.postinst: drop kdm from the list of services to
      restart.
  * Build-depend on libfl-dev in addition to flex, for cross-building
    support.

pam (1.1.3-6) unstable; urgency=low

  * debian/patches-applied/hurd_no_setfsuid: we don't want to check all
    setre*id() calls; we know that there are situations where some of these
    may fail but we don't care. As long as the last setre*id() call in each
    set succeeds, that's the state we mean to be in.
  * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
    keeps libpam loaded persistently at runtime, so it's not necessary to
    force a kdm restart on ABI bump. Which is good, since restarting kdm
    now seems to also log users out of running sessions, which we rather
    want to avoid. Closes: #632673, LP: #744944.
  * debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask...