846843 – pam_lastlog fails when no /var/log/lastlog file exists

Bug 846843 - pam_lastlog fails when no /var/log/lastlog file exists

Summary: pam_lastlog fails when no /var/log/lastlog file exists

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-08 21:08 UTC by Daniel Drake
Modified:	2012-08-09 16:34 UTC (History)
CC List:	1 user (show)
Fixed In Version:	pam-1.1.5-9.fc18
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-09 16:34:03 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Drake 2012-08-08 21:08:46 UTC

Upon upgrading to pam-1.1.5-8.fc18, we can no longer login to the terminal or use "su" on OLPC builds.

The error is: Error in service module

systemd's journal gives a little more info:
pam_lastlog(login:session): unable to open /var/log/lastlog: No such file or directory

/var/log/lastlog doesn't exist. Creating it avoids the issue.

This seems to have popped up now because pam-1.1.5-8.fc18 moves to enabling pam_lastlog by default, with noupdate, and the logic I'm reading at https://lists.fedorahosted.org/pipermail/linux-pam-commits/2012-April/000111.html seems to agree with this behaviour: if open(/var/log/messages) == ENOENT and we're running with noupdate, error out.

Comment 1 Tomas Mraz 2012-08-08 21:23:42 UTC

I'll change the PAM configuration to make the pam_lastlog 'optional' so its failure will not cause the session open to fail.

Note You need to log in before you can comment on or make changes to this bug.