pam.d (pam_mount) config lost with every major update

Hi all,

I’ve got pam files configured to mount CIFS/SMB shares upon login (member of a Windows domain). It works well (mounts are specified at the system level in /etc/security), but every time I apply a major system update, I lose my configuration changes in pam.d which are replaced with stock versions of the files. What is the recommended and most pragmatic way to do this? I thought about using salt to manage this, but that seems a bit overkill to a problem that shouldn’t be this complicated.

Suggestions, anyone?

As a general rule, you should not edit /etc/pam.d/common-xxx-pc as they are auto-generated by pam-config (this is actually mentioned in those files).
You basically have two options:
Edit /etc/pam.d/common-xxx instead, i.e. replace the symlink with a normal file.
Updates won’t replace that, and not even pam-config will touch your modified file any more. This practically disables all automatisms.

Or use “pam-config” itself to add the pam_mount instead of modifying the files manually:

pam-config -a --mount

I cannot guarantee you that this does exactly what you want though.
See “man pam-config” for more information.

Or are you modifying some other files?