Upon upgrading to pam-1.1.5-8.fc18, we can no longer login to the terminal or use "su" on OLPC builds. The error is: Error in service module systemd's journal gives a little more info: pam_lastlog(login:session): unable to open /var/log/lastlog: No such file or directory /var/log/lastlog doesn't exist. Creating it avoids the issue. This seems to have popped up now because pam-1.1.5-8.fc18 moves to enabling pam_lastlog by default, with noupdate, and the logic I'm reading at https://lists.fedorahosted.org/pipermail/linux-pam-commits/2012-April/000111.html seems to agree with this behaviour: if open(/var/log/messages) == ENOENT and we're running with noupdate, error out.
I'll change the PAM configuration to make the pam_lastlog 'optional' so its failure will not cause the session open to fail.