While helping fedya to debug some problems in the aarch64
chroot, I found that only mandriva* has this:

    $ rpm -q --scripts pam
    [...]
    if [ -f /etc/login.defs ] && ! grep -q USE_TCB /etc/login.defs; then
        /usr/sbin/set_tcb --auto --migrate
    fi
    [...]

Note also that, of the tested distros (well, suse and fedora), only
mandriva* has a USE_TCB string in /etc/login.defs, but the scriptlet
is very naive, because the USE_TCB string in mandriva* is setting it
to "no" ...
I think it is safe to match other distros and remove that scriptlet.
pam_tcb is supposed to be an alternative to shadow, and that may
cause a lot of harm...
This probably was also the reason I needed to fix my cooker vm
because /etc/shadow was corrupted, and it all started, apparently,
after forcing a rebuild of libutempter to "fix" dependency issues
generating a new chroot.
For better archeology:
http://svn.mandriva.com/viewvc/packages/cooker/pam/current/SPECS/pam.spec?view=annotate
Thanks,
Paulo
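
Added illustration, not part of the original message or of the pam package: the scriptlet's condition from the message above, run next to a value-aware read of USE_TCB over constructed login.defs samples. The function names and sample files are made up for this example, and the parser assumes "KEY value" lines with '#' comments where the last uncommented setting wins.

```shell
#!/bin/sh
# Added example: compare the scriptlet's string test with a value-aware parse.

# Condition copied from the %post scriptlet quoted above: true (0) when the
# scriptlet would go on to call set_tcb --auto --migrate.
scriptlet_would_migrate() {
    [ -f "$1" ] && ! grep -q USE_TCB "$1"
}

# Print the effective USE_TCB value ("yes", "no", ...) or "unset".
# Assumption: login.defs is "KEY value" lines, '#' starts a comment,
# and the last uncommented setting wins.
use_tcb_value() {
    awk '
        { sub(/#.*/, "") }                 # drop comments
        $1 == "USE_TCB" { v = tolower($2) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Constructed sample files (not taken from any real system).
make_samples() {
    dir=$1
    printf 'UMASK 022\nUSE_TCB no\n'            > "$dir/explicit_no"
    printf 'UMASK 022\n# USE_TCB yes\n'         > "$dir/commented"
    printf 'UMASK 022\nENCRYPT_METHOD SHA512\n' > "$dir/absent"
    printf 'UMASK 022\nUSE_TCB yes\n'           > "$dir/explicit_yes"
}

# One line per sample: what the scriptlet decides vs. what the file says.
report() {
    for f in "$1"/*; do
        if scriptlet_would_migrate "$f"; then m=migrate; else m=skip; fi
        printf '%-14s scriptlet=%-8s USE_TCB=%s\n' \
            "$(basename "$f")" "$m" "$(use_tcb_value "$f")"
    done
}

tmp=$(mktemp -d)
make_samples "$tmp"
report "$tmp"
rm -rf "$tmp"
```

The scriptlet's decision is the same for "yes", "no" and a commented-out line; it only changes when the string is missing from the file altogether.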