Public bug reported: pam_lastlog.so was dropped by upstream in 1.5.3[1][4]. It's still there in the code, but not built by default.
And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so Debian's shadow package is also still shipping this config[2]. If you think we should re-enable pam_lastlog, then this becomes a bug in the src:pam package, but keep in mind upstream is keen on removing it, and we might be better off switching to an alternative, perhaps pam_lastlog2[3]. 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 3. https://wiki.debian.org/PamLastlog2 4. https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 ** Affects: shadow (Ubuntu) Importance: Undecided Status: New ** Affects: shadow (Ubuntu Noble) Importance: Undecided Status: New ** Affects: shadow (Debian) Importance: Unknown Status: Unknown ** Summary changed: - Default pam config for login tries do load non-existent pam module pam_lastlog.so + Noble: default pam config for login tries do load non-existent pam module pam_lastlog.so ** Also affects: shadow (Ubuntu Noble) Importance: Undecided Status: New ** Summary changed: - Noble: default pam config for login tries do load non-existent pam module pam_lastlog.so + Noble: default pam config for login tries do load non-existent pam_lastlog.so ** Description changed: pam_lastlog.so was dropped by upstream in 1.5.3[1]. It's still there in the code, but not built by default. And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. - This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so + Debian's shadow package is also still shipping this config[2]. - Debian's shadow package is also still shipping this config[2]. + If you think we should re-enable pam_lastlog, then this becomes a bug in + the src:pam package, but keep in mind upstream is keen on removing it, + and we might be better off switching to an alternative, perhaps + pam_lastlog2[3]. 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 + 3. https://wiki.debian.org/PamLastlog2 ** Bug watch added: Debian Bug tracker #1068229 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068229 ** Also affects: shadow (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068229 Importance: Unknown Status: Unknown ** Description changed: - pam_lastlog.so was dropped by upstream in 1.5.3[1]. It's still there in - the code, but not built by default. + pam_lastlog.so was dropped by upstream in 1.5.3[1][4]. It's still there + in the code, but not built by default. And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does. This does not prevent console logins, but generates an error in the logs: Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so Debian's shadow package is also still shipping this config[2]. If you think we should re-enable pam_lastlog, then this becomes a bug in the src:pam package, but keep in mind upstream is keen on removing it, and we might be better off switching to an alternative, perhaps pam_lastlog2[3]. - 1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65 2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82 3. https://wiki.debian.org/PamLastlog2 + 4. https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063257 Title: Noble: default pam config for login tries do load non-existent pam_lastlog.so To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063257/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
