This is a tracking bug for Change: Remove pam_console For more details, see: https://fedoraproject.org/wiki/Changes/RemovePamConsole Remove pam_console as it is not enabled by default, can be replaced by systemd and has security issues. If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
I've updated an older Fedora installation from Fedora 38 to Fedora 39 (which updates pam from 1.5.2-16.fc38 to 1.5.3-2.fc39). The file /usr/lib64/security/pam_console.so still exists. It is not owned by any RPM package, however. This looks like a problem to me. In contrast to that, on a different F38 system, /usr/lib64/security/pam_console.so is owned by pam-1.5.2-16.fc38.x86_64. I can't find anything related to the file `pam_console` in syslog (journalctl) or the dnf/librepo/rpm/hawkey logs in /var/log. @ipedrosa: do you need more info for debugging?
Not sure what happened but I'm unable to reproduce it: $ rpm -qf /usr/lib64/security/pam_console.so error: file /usr/lib64/security/pam_console.so: No such file or directory It seems like a problem in the package manager, but I don't know where this information is stored. Can you try to reproduce it again and write down all the steps?
I also don't see it any more on the same machine and I don't know why. It seems like a successive update has removed that file. Is it possible that an update to systemd-pam removed it? I've installed the fix for bug #2237960 in the meantime. (but I don't know anything here, just wild guessing…) (In reply to Iker Pedrosa from comment #2) > Can you try to reproduce it again and write down all the steps? In case I am able to reproduce it, which steps would you want to have? Something like this: 1. In Fedora 38 with pam [version] installed, the file /usr/lib64/security/pam_console.so exists and is owned by [RPM package of `dnf provides [filename]`] 2. `dnf system-upgrade […]` and `dnf system-upgrade reboot` 3. In Fedora 39 with pam [version] installed, the file /usr/lib64/security/pam_console.so exists and is not owned by any RPM package This is basically what I gave above: 1. In Fedora 38 with pam 1.5.2-16.fc38 installed, the file /usr/lib64/security/pam_console.so exists and is owned by pam. 2. I ran `dnf system-upgrade download --releasever=39` and `dnf system-upgrade reboot` 3. In Fedora 39 with pam 1.5.3-2.fc39 installed, the file /usr/lib64/security/pam_console.so exists and is not owned by any RPM package There is nothing in between that happened which I could have documented, or am I missing something?
(In reply to Christian Stadelmann from comment #3) > I also don't see it any more on the same machine and I don't know why. Maybe that explains why I'm unable to reproduce it. > It seems like a successive update has removed that file. Is it possible that > an update to systemd-pam removed it? I've installed the fix for bug #2237960 > in the meantime. (but I don't know anything here, just wild guessing…) I don't think so, the update is unrelated. > There is nothing in between that happened which I could have documented, or > am I missing something? Maybe there's something different and that's why you were unable to reproduce it again. Or maybe, the bug is intermittent. Any additional information that you can provide will be helpful.
I've tried updating another (similarly configured) system and cannot reproduce the problem I described above. > Any additional information that you can provide will be helpful. Sorry, there is none.
I'm not entirely sure if this is helpful or relevant to this issue, but after upgrading Fedora 38 (KDE spin) to 39 I noticed in my journal kscreenlocker_greet failing to open pam_console.so when locking. Nov 10 08:10:29 system kscreenlocker_greet[261131]: PAM unable to dlopen(/usr/lib64/security/pam_console.so): /usr/lib64/security/pam_console.so: cannot open shared object file: No such file or directory Nov 10 08:10:29 system kscreenlocker_greet[261131]: PAM adding faulty module: /usr/lib64/security/pam_console.so /usr/lib64/security/pam_console.so does not exist. Before and after versions are: pam-1.5.2-16.fc38.x86_64 pam-1.5.3-3.fc39.x86_64
That seems more like a warning message, but still it generates messages that could fill the log files. Do you mind opening an issue against that component? They should remove pam_console from their PAM stack and replace it by logind. I think this is already done upstream, so they only need to change some configuration. Please also mention the Fedora System-Wide Change: https://fedoraproject.org/wiki/Changes/RemovePamConsole
Sorry for asking, but would that be here on Red Hat or at KDE's bug tracker?
F39 was released on November 7th, so I am closing this tracker. If this Change was not completed, please notify me ASAP.
f39 /etc/pam.d/kde (via plasma-workspace) still contains an optional reference to pam_console.so. that's what led me here.
If it's optional then you'll only get some warning messages in the logs. Please open a bugzilla for the package to remove the reference.