Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#75647 - [pambase] unknown usernames are logged (due to, exposing accidentally typed passwords

Attached to Project: Arch Linux
Opened by Jonathan Krebs (thejonny) - Thursday, 18 August 2022, 18:21 GMT
Last edited by Toolybird (Toolybird) - Friday, 19 August 2022, 04:14 GMT
Task Type Bug Report
Category Packages: Core
Status Assigned
Assigned To David Runge (dvzrv)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No



even if `LOG_UNKFAIL_ENAB no` is in `/etc/login.def`, `login` logs unknown usernames on a fresh archlinux installation.

This is caused by pam_shells in `/etc/pam.d/system-login`, which returns `PAM_AUTH_ERR` for unknown users, instead of `PAM_USER_UNKOWN`.

Is `pam_shells` any good for programs apart from `chsh`?

(This is especially painful, if the password is the passphrase for an encrypted home on an unencrypted root.)

Additional info:
* package version(s): pambase 20211210-1
* config and/or log files etc.
* link to upstream bug report, if any:
* I reported the issue also in

Steps to reproduce:
This task depends upon