I'm getting these messages in /var/lock/secure, and console.perms is ineffective: Jan 29 21:42:18 cyberelk pam_console[4273]: Could not open lock file /var/lock/console/tim, disallowing console access drwxr-xr-x 2 root root 1024 Jan 29 21:49 /var/lock/console /var is in partition /, mounted rw, 13% used. This is an upgrade from Red Hat Linux 7. I haven't seen this on any other machines though.
Which service are you using to log in (login or kdm or gdm or xdm)? Can you strace the binary from another VT and determine what the error was? If the file exists, what are its permissions?
This defect is considered MUST-FIX for Florence Gold release
This was just a stale /var/lock/console.lock file I think. I removed that and now it works.
Hmm, the same thing happened on another machine now. :-/
Okay, how-to-reproduce: In /etc/sysconfig/desktop, use KDE. Reboot the machine to clear out any old console.lock. Go to runlevel 5. Log in remotely to observe. In the remote terminal, verify that (for example) /dev/dsp is owned by root.root. Log on as a non-root user. Verify that /dev/dsp is owned by that user. Log out. /dev/dsp is still owned by the non-root user. This is looking at lot like bug 25048 now actually.
*** This bug has been marked as a duplicate of 25048 ***
Okay, 25048 is fixed, but this bug remains.
Created attachment 9002 [details] kdebase-pamexit.patch
The above patch fixes it for me. kdm was calling pam_close_session and setuid in the wrong order. Someone should check that this patch doesn't introduce any extra security problems, but I think it's fine (it's similar to what /bin/login does).
Fixed, thanks for the patch.