Comment # 22 on bug 1203468 from Stefan Dirsch

(In reply to Daike Yu from comment #21)
> (In reply to Stefan Dirsch from comment #19)
> > Created attachment 862540 [details]
> > xrdp-pamdir-suse.patch
> > 
> > Index: xrdp.spec
> > ===================================================================
> > --- xrdp.spec   (revision 44)
> > +++ xrdp.spec   (working copy)
> > @@ -52,6 +52,7 @@
> >  Patch13:        xrdp-bsc965647-allow-admin-choose-desktop.patch
> >  # PATCH-FEATURE-SLE xrdp-fate318398-change-expired-password.patch
> > fate#318398 -
> >  fezhang@suse.com -- enable user to update expired password via PAM
> >  Patch14:        xrdp-fate318398-change-expired-password.patch
> > +Patch15:        xrdp-pamdir-suse.patch
> >  
> >  BuildRequires:  autoconf
> >  BuildRequires:  automake
> > @@ -109,6 +110,9 @@
> >  %patch12 -p1
> >  %patch13 -p1
> >  %patch14 -p1
> > +%endif
> > +%if 0%{?suse_version} >= 1550
> > +%patch15 -p1
> >  %endif
> >  
> >  %build
> 
> So it seems that the path change caused install script failed to pick the
> correct rule.

Exactly.

> IMO this fix probably should be submitted to the upstream. I'll probably
> submit a PR later. Thanks for the help!

Yes. This should work. For Leap 15.x/sle the old rule should still work. There
is still
/etc/pam.d/common-account on these.

pamdir="/etc/pam.d"
[...]
elif [ -s "$pamdir/common-account" ]; then
  if grep "^@include" "$pamdir/passwd" >/dev/null 2>&1; then
    rules="debian"
  else
    rules="suse"
  fi
[...]