FS#67641 - [pam][pambase] Cannot log in after upgrade to 1.4.0-3

Attached to Project: Arch Linux
Opened by Mark Conway Wirt (mcw) - Wednesday, 19 August 2020, 17:52 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 20 August 2020, 04:49 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

Upon updating pam to 1.4.0-3 (and pambase 20200721.1-2) I am no longer able to log in. The error message is as follows:


PAM unable to dlopen(/usr/lib/security/pam_tally2.so): /usr/lib/security/pam_tally2.so: cannot open shared object file: No such file or directory

Aug 19 13:15:41 lucid2 sshd[23896]: PAM unable to dlopen(/usr/lib/security/pam_tally2.so): /usr/lib/security/pam_tally2.so: cannot open shared object file: No such file or directory
Aug 19 13:15:41 lucid2 sshd[23896]: PAM adding faulty module: /usr/lib/security/pam_tally2.so
Aug 19 13:15:41 lucid2 dbus-daemon[461]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.173' (uid=0 pid=23896 comm="sshd: mark [priv] ")
Aug 19 13:15:41 lucid2 dbus-daemon[461]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Aug 19 13:15:41 lucid2 sshd[23896]: pam_systemd_home(sshd:account): Failed to query user record: Unit dbus-org.freedesktop.home1.service not found.
Aug 19 13:15:41 lucid2 audit[23896]: USER_ACCT pid=23896 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=? acct="mark" exe="/usr/bin/sshd" hostname=192.168.0.36 addr=192.168.0.36 terminal=ssh res=failed'
Aug 19 13:15:41 lucid2 sshd[23896]: fatal: Access denied for user mark by PAM account configuration [preauth]

Looking at the directory /usr/lib/security, there is in fact no pam_tally2.so after upgrade

Downgrading the machine allows me to log in.

Additional info:
* package version(s) PAM 1.4.0-3, Pambase 20200721.1-2
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:

Upgrade to 1.4.0-3. Try to log in.

Because this doesn't seem reported yet I assume that it's not widespread and affects my machine owing to something about it's paticular configuration, but I don't know what that would be. I have not updated any of my pam configs manually.


Here is a more complete log. Note that this shows a login via ssh, but I am not able to log into the console either.

Aug 19 13:15:41 lucid2 sshd[23896]: PAM unable to dlopen(/usr/lib/security/pam_tally2.so): /usr/lib/security/pam_tally2.so: cannot open shared object file: No such file or directory
Aug 19 13:15:41 lucid2 sshd[23896]: PAM adding faulty module: /usr/lib/security/pam_tally2.so
Aug 19 13:15:41 lucid2 dbus-daemon[461]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.173' (uid=0 pid=23896 comm="sshd: mark [priv] ")
Aug 19 13:15:41 lucid2 dbus-daemon[461]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Aug 19 13:15:41 lucid2 sshd[23896]: pam_systemd_home(sshd:account): Failed to query user record: Unit dbus-org.freedesktop.home1.service not found.
Aug 19 13:15:41 lucid2 audit[23896]: USER_ACCT pid=23896 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=? acct="mark" exe="/usr/bin/sshd" hostname=192.168.0.36 addr=192.168.0.36 terminal=ssh res=failed'
Aug 19 13:15:41 lucid2 sshd[23896]: fatal: Access denied for user mark by PAM account configuration [preauth]
This task depends upon

Closed by  Doug Newgard (Scimmia)
Thursday, 20 August 2020, 04:49 GMT
Reason for closing:  Not a bug
Additional comments about closing:  .pacnew files are your responsibility.
Comment by Mark Conway Wirt (mcw) - Wednesday, 19 August 2020, 17:54 GMT
Note. While I was creating this another, similar bug report was opened. This is probably a duplicate.
Comment by loqs (loqs) - Wednesday, 19 August 2020, 18:01 GMT
Please merge the .pacnew files in /etc/pam.d. pam_tally.so and pam_tally2.so were dropped.
Comment by Mark Conway Wirt (mcw) - Wednesday, 19 August 2020, 18:41 GMT
That worked.

It would perhaps be good to add a "manual intervention required" to the home page. I did not see one.

Thank you.
Comment by Adis Nezirović (adis) - Wednesday, 19 August 2020, 21:01 GMT
For recovery, it is enough to boot with kernel option "systemd.unit=rescue.target", then proceed into /etc/pam.d and merge "system-auth" and "system-auth.pacnew"

Loading...