Bug 846843

Summary: pam_lastlog fails when no /var/log/lastlog file exists
Product: [Fedora] Fedora Reporter: Daniel Drake <dsd>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pam-1.1.5-9.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-09 16:34:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Drake 2012-08-08 21:08:46 UTC 
Upon upgrading to pam-1.1.5-8.fc18, we can no longer login to the terminal or use "su" on OLPC builds.

The error is: Error in service module

systemd's journal gives a little more info:
pam_lastlog(login:session): unable to open /var/log/lastlog: No such file or directory

/var/log/lastlog doesn't exist. Creating it avoids the issue.

This seems to have popped up now because pam-1.1.5-8.fc18 moves to enabling pam_lastlog by default, with noupdate, and the logic I'm reading at https://lists.fedorahosted.org/pipermail/linux-pam-commits/2012-April/000111.html seems to agree with this behaviour: if open(/var/log/messages) == ENOENT and we're running with noupdate, error out.
Comment 1 Tomas Mraz 2012-08-08 21:23:42 UTC 
I'll change the PAM configuration to make the pam_lastlog 'optional' so its failure will not cause the session open to fail.