I found an error in my journal:
May 25 07:33:49 shawntatious login: PAM unable to dlopen(/usr/lib/security/pam_ck_connector.so): /usr/lib/security/pam_ck_connector.so: cannot open shared object file: No such file or directory
That led me to look through my pam configuration. I found that for some reason, pam_ck_connector.so was still in the /etc/pam.d/login config. I removed the line, but I wanted to see what else might be leftovers. I thought I'd try reinstalling util-linux since it owns that file, then I'd be able to look at the .pacnew; it doesn't create a .pacnew file, and it doesn't change the file at all.
So, I have a large number of differences between the files, and I'm wondering if it's safe just to clobber it with the version that's currently in util-linux.
I can reproduce this by adding a bogus line; re-installing util-linux doesn't create a .pacnew file. I assume this is caused by the file being in the backup array, and no actual upgrade is being done. The only solution seems to be to remove the file and re-install util-linux; this will reset the file to what's in the package
Last edited by Spider.007 (2013-05-25 12:20:28)
Upon looking further, I saw that the new login includes other files, and those files had much of what seemed to be missing, but there are still a few lines that weren't there:
account required pam_time.so account required pam_unix.so session required pam_limits.so session optional pam_lastlog.so
I checked and at least the first three of those are included via system--auth. Since I don't really want the system to lock out inactive accounts, I'd just as soon it didn't use pam_lastlog.so.