pam package truncates /var/log/faillog and /var/log/tallylog on upgrade. The script in %post contains incorrect test whether the files already exist or not making it overwriting the files with a zero length file unconditionally. There is no reason to make extra errata for this problem but it needs to be fixed in case of future PAM errata including Z-stream erratas.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of Red Hat Enterprise Linux. The error has been fixed and this request has been re-proposed for the current release.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: A mistake in the %post script in the pam package truncated the /var/log/faillog and /var/log/tallylog files on upgrade. The user authentication failure records were lost due to this bug. The mistake was corrected so the files are not truncated anymore. The user authentication failure records are no longer lost on upgrades of the pam package.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0032.html