Ubuntu
shadow package

  1. Bug #2063257
  2. Comment #0

Comment 0 for bug 2063257

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Default pam config for login tries do load non-existent pam module pam_lastlog.so

pam_lastlog.so was dropped by upstream in 1.5.3[1]. It's still there in the code, but not built by default.

And indeed, in noble (1.5.3) we don't have it, while mantic (1.5.2) does.

This does not prevent console logins, but generates an error in the logs:
Apr 23 20:02:09 n1 login[835]: PAM unable to dlopen(pam_lastlog.so): /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
Apr 23 20:02:09 n1 login[835]: PAM adding faulty module: pam_lastlog.so

Debian's shadow package is also still shipping this config[2].

1. https://github.com/linux-pam/linux-pam/blob/cec36a8cd2c69cc87eacc21da471334fbef128ee/NEWS#L65
2. https://salsa.debian.org/debian/shadow/-/blob/master/debian/login.pam?ref_type=heads#L82