Public bug reported: pam_lastlog.so was dropped by upstream in 1.5.3[1][4]. It's still there in the code, but not built by default.
And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so Debian's shadow package is also still shipping this config[2]. If you think we should re-enable pam_lastlog, then this becomes a bug in the src:pam package, but keep in mind upstream is keen on removing it, and we might be better off switching to an alternative, perhaps pam_lastlog2[3]. 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 3. https://wiki.debian.org/PamLastlog2 4. https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 ** Affects: shadow (Ubuntu) Importance: Undecided Status: New ** Affects: shadow (Ubuntu Noble) Importance: Undecided Status: New ** Affects: shadow (Debian) Importance: Unknown Status: Unknown ** Summary changed: - Default pam config for login tries do load non-existent pam module pam_lastlog.so + Noble: default pam config for login tries do load non-existent pam module pam_lastlog.so ** Also affects: shadow (Ubuntu Noble) Importance: Undecided Status: New ** Summary changed: - Noble: default pam config for login tries do load non-existent pam module pam_lastlog.so + Noble: default pam config for login tries do load non-existent pam_lastlog.so ** Description changed: pam_lastlog.so was dropped by upstream in 1.5.3[1]. It's still there in the code, but not built by default. And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. - This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so + Debian's shadow package is also still shipping this config[2]. - Debian's shadow package is also still shipping this config[2]. + If you think we should re-enable pam_lastlog, then this becomes a bug in + the src:pam package, but keep in mind upstream is keen on removing it, + and we might be better off switching to an alternative, perhaps + pam_lastlog2[3]. 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 + 3. https://wiki.debian.org/PamLastlog2 ** Bug watch added: Debian Bug tracker #1068229 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068229 ** Also affects: shadow (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068229 Importance: Unknown Status: Unknown ** Description changed: - pam_lastlog.so was dropped by upstream in 1.5.3[1]. It's still there in - the code, but not built by default. + pam_lastlog.so was dropped by upstream in 1.5.3[1][4]. It's still there + in the code, but not built by default. And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so Debian's shadow package is also still shipping this config[2]. If you think we should re-enable pam_lastlog, then this becomes a bug in the src:pam package, but keep in mind upstream is keen on removing it, and we might be better off switching to an alternative, perhaps pam_lastlog2[3]. - 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 3. https://wiki.debian.org/PamLastlog2 + 4. https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/2063257 Title: Noble: default pam config for login tries do load non-existent pam_lastlog.so Status in shadow package in Ubuntu: New Status in shadow source package in Noble: New Status in shadow package in Debian: Unknown Bug description: pam_lastlog.so was dropped by upstream in 1.5.3[1][4]. It's still there in the code, but not built by default. And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so Debian's shadow package is also still shipping this config[2]. If you think we should re-enable pam_lastlog, then this becomes a bug in the src:pam package, but keep in mind upstream is keen on removing it, and we might be better off switching to an alternative, perhaps pam_lastlog2[3]. 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 3. https://wiki.debian.org/PamLastlog2 4. https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063257/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
