[Bug 2087549] Re: [SRU] remove pam_lastlog.so from configuration for noble

Tim Andersson 2087549 at bugs.launchpad.net
Fri Nov 8 14:37:18 UTC 2024 

** Description changed:

  [ Impact ]
  
   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.
  
   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.
  
  [ Test Plan ]
  
-  * Install Trixie in a VM and try to log in post installation. Whether
- or not login fails, check the journal for the aforementioned message, or
- if you login via ssh, the last login message shouldn't appear.
+  * Install debian/sid in a VM (I used this iso
+ https://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-dvd/, with
+ shasum
+ 9d6714004fa908387c81e8408caaa5d21e78b554627505f724cf63ca4d171fe7)and try
+ to log in post installation. You should not be able to get past the
+ login screen. I entered my password but did not get past the login
+ screen.
  
  [ Where problems could occur ]
  
   * Users may no longer see the last login message when logging in via
  ssh, or other login methods.
  
  [ Other Info ]
  
   * This should already be fixed in Plucky and onwards, with necessary
  changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
  already on shadow/1:4.15.3-3ubuntu2.
  
   * pam_lastlog2 is included in util-linux/2.40. We can make changes in
  shadow going forward that depends on pam_lastlog2 rather than
  pam_lastlog, going forward. But that's not really relevant to the SRU I
  guess. These changes are planned to be implemented upstream
  https://bugs.debian.org/cgi-bin/bugreport.cgi?att=0;bug=1068229;msg=39,
  so likely from Ubuntu's side, we can just wait for the changes.

** Patch added: "noble.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2087549/+attachment/5835695/+files/noble.debdiff

** Changed in: shadow (Ubuntu)
   Importance: Undecided => Medium

** Changed in: shadow (Ubuntu Noble)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2087549

Title:
  [SRU] remove pam_lastlog.so from configuration for noble

Status in shadow package in Ubuntu:
  New
Status in shadow source package in Noble:
  New

Bug description:
  [ Impact ]

   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.

   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.

  [ Test Plan ]

   * TODO: Need to come up with a test plan

  [ Where problems could occur ]

   * Users may no longer see the last login message when logging in via
  ssh, or other login methods.

  [ Other Info ]

   * This should already be fixed in Plucky and onwards, with necessary
  changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
  already on shadow/1:4.15.3-3ubuntu2.

   * pam_lastlog2 is included in util-linux/2.40. We can make changes in
  shadow going forward that depends on pam_lastlog2 rather than
  pam_lastlog, going forward. But that's not really relevant to the SRU
  I guess. These changes are planned to be implemented upstream
  https://bugs.debian.org/cgi-
  bin/bugreport.cgi?att=0;bug=1068229;msg=39, so likely from Ubuntu's
  side, we can just wait for the changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2087549/+subscriptions

More information about the foundations-bugs mailing list