Instead of tweaking a bunch of ebuilds to remove all references to pam_console from /etc/pam.d/*, then forcing the user to add them manually afterward, why not promote pam_console to a global use flag and let the ebuilds add the references themselves if the flag is present? Reproducible: Always Steps to Reproduce: 1. 2. 3.
I'd say because the idea is of removing pam_console entirely with new version of sys-libs/pam.
Is this an upstream decision, or Gentoo's? Is it going to be replaced with something equivalent? (Group-based access control doesn't scale to hundreds of users sharing hundreds of machines. Whoever is sitting at the console should have control of the devices, not someone logged in remotely.)
Upstream never supported pam_console (it's a RedHat patch). pam_console will probably have its own ebuild for who wants to tinker with it, but it's up to them to change their pam.d files. It's pointless adding pam_console useflag on other packages, as just login and eventually ?dm should use it. Also, it screw ups pretty badly when used in the wrong way.
It's a no-go for now.