Fix services not to need pam restart

Registered by Scott Kitterman

See Bug #745004 for discussion. Service restarts during updates and upgrades cause a number of problems. We should identify the services that need the restart and fix them so they don't.

list of affected packages / services can be found in /var/lib/dpkg/info/libpam0g:$arch.postinst

do we want to concern ourselves with eglibc (NSS) and libssl restarts as well?

Blueprint information

Status:
Not started
Approver:
Colin Watson
Priority:
Low
Drafter:
Steve Langasek
Direction:
Approved
Assignee:
Steve Langasek
Definition:
Approved
Series goal:
Accepted for oneiric
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

* No consensus that we want to modify the upstream servers to all re-exec or dlopen libpam for each authentication.
 * Instead, we can ask a question in .config of all three library packages (at the same priority as the more detailed question, with default "no"). The .config question asks "is it OK to restart services willy-nilly without asking?". It appears if there are any affected services /installed/, even if they are not running. It is suppressed under update-manager in the same way as the detailed per-library questions.
 * look at whether the apache2 restart check should actually key on the apache2.2-common package, or if it should key on libapache2-mod-auth-pam

Work items:
add a new debconf question in the libpam config script asking whether the user would like to restart services unconditionally in the future: TODO
look at whether the apache2 restart check should actually key on the apache2.2-common package, or if it should key on libapache2-mod-auth-pam: TODO

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.