29563 – pam-login-3.12 brings a broken /etc/pam.d/login

Bug 29563 - pam-login-3.12 brings a broken /etc/pam.d/login

Summary: pam-login-3.12 brings a broken /etc/pam.d/login

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High blocker (vote)
Assignee:	PAM Gentoo Team (OBSOLETE)

URL:
Whiteboard:
Keywords:

Duplicates (1):	31613 (view as bug list)
Depends on:
Blocks:

Reported:	2003-09-25 01:20 UTC by Roberto Nibali
Modified:	2005-05-21 05:38 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Original /etc/pam.d/login (login,463 bytes, text/plain) 2003-10-20 06:28 UTC, Andy Dustman	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roberto Nibali 2003-09-25 01:20:53 UTC

I was presented with the following diff after upgrading to pam-login-3.12: 
 
--- /etc/pam.d/login    2003-08-10 18:12:23.000000000 +0200 
+++ /etc/pam.d/._cfg0000_login  2003-09-25 10:00:57.000000000 +0200 
@@ -1,12 +1,12 @@ 
 #%PAM-1.0 
- 
-auth       required    /lib/security/pam_securetty.so 
-auth       required    /lib/security/pam_stack.so service=system-auth 
-auth       required    /lib/security/pam_nologin.so 
- 
-account    required    /lib/security/pam_stack.so service=system-auth 
- 
-password   required    /lib/security/pam_stack.so service=system-auth 
- 
-session    required    /lib/security/pam_stack.so service=system-auth 
-session    optional    /lib/security/pam_console.so 
+auth     requisite     pam_unix2.so            nullok #set_secrpc 
+auth    required       pam_securetty.so 
+auth     required       pam_nologin.so 
+#auth   required       pam_homecheck.so 
+auth     required       pam_env.so 
+auth    required       pam_mail.so 
+account  required       pam_unix2.so 
+password required      pam_pwcheck.so          nullok 
+password required       pam_unix2.so           nullok use_first_pass 
use_authtok 
+session  required       pam_unix2.so           none # debug or trace 
+session  required       pam_limits.so 
 
It looked so suspicious in various ways that I made backup of the original /
etc/pam.d/login that was installed. Lucky me, as it turned out that the new /
etc/pam.d/login completely broke my login. 
 
I couldn't login anymore. Please either tell me what I did wrong or revisite 
the config file changes. I for once went back to my backup config file and it 
now works again.

Comment 1 Wojciech Milkowski 2003-09-25 04:48:05 UTC

I had the same problem. My solution is to replace "pam_unix2.so" with "pam_unix.so",
after that evyryting should work fine.

Comment 2 Jon Portnoy (RETIRED) gentoo-dev

2003-09-25 10:17:36 UTC

This is biting a lot of people.

Comment 3 Jon Portnoy (RETIRED) gentoo-dev

2003-09-25 10:20:04 UTC

I've masked 3.12 for now.

Comment 4 Dave Nellans 2003-09-25 10:46:36 UTC

It should be noted for users with this problem that merely emerge -C pam-login
does not delete the bad file if you have already upgraded and you must manually
delete /etc/pam.d/login and then remerge an and older version (pam-3.11-r1)
to get it working again.

Comment 5 Dave Nellans 2003-09-25 11:09:25 UTC

my previous comment wasn't quite correct... /etc/pam.d/login belongs to the
shadow package, NOT pam-login, so you have to remerge shadow it appears if
you want a non-modified copy of that file back.

Comment 6 Tobias Minich 2003-09-25 16:21:10 UTC

If you fix this by replacing "pam_unix2.so" with "pam_unix.so" it works,
but it still complains about a missing "pam_passwd.so" in the log.

Comment 7 Tobias Minich 2003-09-25 16:23:18 UTC

Sorry, mixed it up "pam_pwcheck.so", not "pam_passwd.so".

Comment 8 Martin Klaffenboeck 2003-09-26 00:55:10 UTC

What can I do now to get my old working /etc/pam.d/login file back?

Comment 9 Martin Klaffenboeck 2003-09-26 00:56:55 UTC

Oh, sorry, I should read the comments first.  And take time for that.

Comment 10 Andy Dustman 2003-10-20 06:28:32 UTC

Created attachment 19532 [details]
Original /etc/pam.d/login

This is the original /etc/pam.d/login (or a reasonable facsimile) for those
who
have encountered this problem.

Comment 11 SpanKY gentoo-dev

2003-10-20 12:53:21 UTC

*** Bug 31613 has been marked as a duplicate of this bug. ***

Comment 12 Maurice van der Pot (RETIRED) gentoo-dev

2005-01-08 06:22:40 UTC

This is not an issue anymore, is it? Please close if it isn't.

Comment 13 Diego Elio Pettenò (RETIRED) gentoo-dev

2005-05-21 05:38:49 UTC

This should be fixed since a long time now, please reopen if it's still an 
issue (but I can't see how this can be).