[Bug 2087549] Re: [SRU] remove pam_lastlog.so from configuration for noble

Tim Andersson 2087549 at bugs.launchpad.net
Fri Nov 8 13:22:06 UTC 2024 

** Also affects: shadow (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Changed in: shadow (Ubuntu)
     Assignee: (unassigned) => Tim Andersson (andersson123)

** Changed in: shadow (Ubuntu Noble)
     Assignee: (unassigned) => Tim Andersson (andersson123)

** Description changed:

  [ Impact ]
  
   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.
  
   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.
  
  [ Test Plan ]
  
   * Install Trixie in a VM and try to log in post installation. Whether
  or not login fails, check the journal for the aforementioned message, or
  if you login via ssh, the last login message shouldn't appear.
  
  [ Where problems could occur ]
  
   * If there were login methods entirely dependent on pam_lastlog.so, I
  imagine users using these login methods would have trouble. Though this
  pam config I don't believe is widely used.
  
   * TODO: add more info here
  
  [ Other Info ]
  
-  * TODO: potentially add more info here
+  * This should already be fixed in Plucky and onwards, with necessary
+ changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
+ already on shadow/1:4.15.3-3ubuntu2.

** Description changed:

  [ Impact ]
  
   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.
  
   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.
  
  [ Test Plan ]
  
   * Install Trixie in a VM and try to log in post installation. Whether
  or not login fails, check the journal for the aforementioned message, or
  if you login via ssh, the last login message shouldn't appear.
  
  [ Where problems could occur ]
  
-  * If there were login methods entirely dependent on pam_lastlog.so, I
- imagine users using these login methods would have trouble. Though this
- pam config I don't believe is widely used.
- 
-  * TODO: add more info here
+  * Users may no longer see the last login message when logging in via
+ ssh, or other login methods.
  
  [ Other Info ]
  
   * This should already be fixed in Plucky and onwards, with necessary
  changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
  already on shadow/1:4.15.3-3ubuntu2.
+ 
+  * pam_lastlog2 is included in util-linux/2.40. We can make changes in
+ shadow going forward that depends on pam_lastlog2 rather than
+ pam_lastlog, going forward. But that's not really relevant to the SRU I
+ guess.

** Description changed:

  [ Impact ]
  
   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.
  
   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.
  
  [ Test Plan ]
  
   * Install Trixie in a VM and try to log in post installation. Whether
  or not login fails, check the journal for the aforementioned message, or
  if you login via ssh, the last login message shouldn't appear.
  
  [ Where problems could occur ]
  
   * Users may no longer see the last login message when logging in via
  ssh, or other login methods.
  
  [ Other Info ]
  
   * This should already be fixed in Plucky and onwards, with necessary
  changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
  already on shadow/1:4.15.3-3ubuntu2.
  
-  * pam_lastlog2 is included in util-linux/2.40. We can make changes in
+  * pam_lastlog2 is included in util-linux/2.40. We can make changes in
  shadow going forward that depends on pam_lastlog2 rather than
  pam_lastlog, going forward. But that's not really relevant to the SRU I
- guess.
+ guess. These changes are planned to be implemented upstream
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?att=0;bug=1068229;msg=39,
+ so likely from Ubuntu's side, we can just wait for the changes.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2087549

Title:
  [SRU] remove pam_lastlog.so from configuration for noble

Status in shadow package in Ubuntu:
  New
Status in shadow source package in Noble:
  New

Bug description:
  [ Impact ]

   * The following line has been found in users logs when trying to log in to their systems:
     login[2449]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
     This results in users reporting that they cannot login to their systems. They can perhaps do so with other login methods (ssh, login, gdm, xdm, etc) that don't depend on the lastlog binary, but that doesn't suffice.

   * The upload fixes the issue by dropping pam_lastlog.so from all
  config, as well as not installing the lastlog binary.

  [ Test Plan ]

   * Install Trixie in a VM and try to log in post installation. Whether
  or not login fails, check the journal for the aforementioned message,
  or if you login via ssh, the last login message shouldn't appear.

  [ Where problems could occur ]

   * Users may no longer see the last login message when logging in via
  ssh, or other login methods.

  [ Other Info ]

   * This should already be fixed in Plucky and onwards, with necessary
  changes introduced in shadow/1:4.13+dfsg1-5, and in plucky we are
  already on shadow/1:4.15.3-3ubuntu2.

   * pam_lastlog2 is included in util-linux/2.40. We can make changes in
  shadow going forward that depends on pam_lastlog2 rather than
  pam_lastlog, going forward. But that's not really relevant to the SRU
  I guess. These changes are planned to be implemented upstream
  https://bugs.debian.org/cgi-
  bin/bugreport.cgi?att=0;bug=1068229;msg=39, so likely from Ubuntu's
  side, we can just wait for the changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2087549/+subscriptions

More information about the foundations-bugs mailing list