Mario - thanks for the pointer - those are presumably spare copies of the working files in /etc/pam.d/
But you're right - the common-session file in the /usr/share/pam set doesn't have the pam-deny.so line - it has pam-permit.so instead. I checked the common-auth files in /etc/pam.d/ and /usr/share/pam/, and they are the way common-session used to be - a line "auth requisite pam_deny.so" and a line "auth required pam_permit.so". The header of the files in /usr/share/pam/ refers to pam 1.0.1-4, by the way, while the files in /etc/pam.d/ refer to pam 1.0.1-3. It looks as if this is a new paradigm being implemented on the wing, as it were.... I'm sure we'll get it all right soon. The block labels $session_primary and $session_additional look as if they will be new in version 1.0.1-4. Wonder what would happen if I tried using those versions with 1.0.1-3 installed.... -- [PAM] Unable to login: Cannot make/remove an entry for the specified session https://bugs.launchpad.net/bugs/259867 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs