You are not logged in.

#1 2013-05-25 12:07:10

shawnjgoff
Member
Registered: 2010-07-04
Posts: 14

etc/pam.d/login is different - okay to replace with original?

I found an error in my journal:

May 25 07:33:49 shawntatious login[3006]: PAM unable to dlopen(/usr/lib/security/pam_ck_connector.so): /usr/lib/security/pam_ck_connector.so: cannot open shared object file: No such file or directory

That led me to look through my pam configuration. I found that for some reason, pam_ck_connector.so was still in the /etc/pam.d/login config. I removed the line, but I wanted to see what else might be leftovers. I thought I'd try reinstalling util-linux since it owns that file, then I'd be able to look at the .pacnew; it doesn't create a .pacnew file, and it doesn't change the file at all.

So, I have a large number of differences between the files, and I'm wondering if it's safe just to clobber it with the version that's currently in util-linux.

Offline

#2 2013-05-25 12:20:12

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: etc/pam.d/login is different - okay to replace with original?

I can reproduce this by adding a bogus line; re-installing util-linux doesn't create a .pacnew file. I assume this is caused by the file being in the backup array, and no actual upgrade is being done. The only solution seems to be to remove the file and re-install util-linux; this will reset the file to what's in the package

Last edited by Spider.007 (2013-05-25 12:20:28)

Offline

#3 2013-05-25 12:27:51

shawnjgoff
Member
Registered: 2010-07-04
Posts: 14

Re: etc/pam.d/login is different - okay to replace with original?

Upon looking further, I saw that the new login includes other files, and those files had much of what seemed to be missing, but there are still a few lines that weren't there:

account		required	pam_time.so
account		required	pam_unix.so
session		required	pam_limits.so
session		optional	pam_lastlog.so

Offline

#4 2013-05-27 22:57:50

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: etc/pam.d/login is different - okay to replace with original?

I checked and at least the first three of those are included via system--auth. Since I don't really want the system to lock out inactive accounts, I'd just as soon it didn't use pam_lastlog.so.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

Board footer

Powered by FluxBB