PAM Lastlog change crashing gdm

I’ve rebased to Fedora Silverblue 43 for testing and starting gdm seems to crash due to gdm-launch-environment trying to load pam_lastlog.so, which must have been gone because of Changes/Migrate to lastlog2 - Fedora Project Wiki .

If it changes anything, I’ve got a custom /etc/pam.d/sudo configuration file to load pam_u2f.so for U2F 2FA auth.

How can I prevent pam_lastlog.so from trying to be loaded?

sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: GdmDisplay: Session never registered, failing
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM unable to dlopen(/usr/lib64/security/pam_lastlog.so): /usr/lib64/security/pam_lastlog.so: Ne peut ouvrir le fichier d'objet partagé: Aucun fichier ou dossier de ce nom
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM adding faulty module: /usr/lib64/security/pam_lastlog.so
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1100 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/d>
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1101 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/t>
sept. 16 19:24:05 frama-pc audit: BPF prog-id=95 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=94 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=93 op=UNLOAD
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1103 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1>
sept. 16 19:24:06 frama-pc systemd[1]: Created slice user-60581.slice - User Slice of UID 60581.
sept. 16 19:24:06 frama-pc systemd[1]: Starting user-runtime-dir@60581.service - User Runtime Directory /run/user/60581...
sept. 16 19:24:06 frama-pc systemd-logind[1300]: New session 'c4' of user 'gdm-greeter-2' with class 'greeter' and type 'wayland'.
sept. 16 19:24:06 frama-pc systemd[1]: Finished user-runtime-dir@60581.service - User Runtime Directory /run/user/60581.
sept. 16 19:24:06 frama-pc audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@60581 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 16 19:24:06 frama-pc systemd[1]: Starting user@60581.service - User Manager for UID 60581...
sept. 16 19:24:06 frama-pc unix_chkpwd[1740]: could not obtain user info (gdm-greeter-2)
sept. 16 19:24:06 frama-pc unix_chkpwd[1741]: could not obtain user info (gdm-greeter-2)
sept. 16 19:24:06 frama-pc audit[1739]: AUDIT1101 pid=1739 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=? acct="gdm-greeter-2" exe="/usr/lib/systemd/systemd-executor" hostname=frama-pc addr=? terminal=/dev/tty1 res=failed'
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: PAM failed: Authentication service cannot retrieve authentication info
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: Failed to set up PAM session: Operation not permitted
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
sept. 16 19:24:06 frama-pc systemd[1]: user@60581.service: Main process exited, code=exited, status=224/PAM
sept. 16 19:24:06 frama-pc systemd[1]: user@60581.service: Failed with result 'exit-code'.
sept. 16 19:24:06 frama-pc systemd[1]: Failed to start user@60581.service - User Manager for UID 60581.
sept. 16 19:24:06 frama-pc audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@60581 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
sept. 16 19:24:06 frama-pc systemd[1]: Started session-c4.scope - Session c4 of User gdm-greeter-2.
sept. 16 19:24:06 frama-pc gdm-launch-environment][1722]: pam_unix(gdm-launch-environment:session): session opened for user gdm-greeter-2(uid=60581) by (uid=0)
sept. 16 19:24:06 frama-pc audit[1722]: AUDIT1105 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask acct="gdm-greeter-2" exe="/usr/libexec/gdm>
sept. 16 19:24:06 frama-pc /usr/libexec/gdm-wayland-session[1746]: dbus-daemon[1746]: [session uid=60581 pid=1746 pidfd=5] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=60581 pid=1743 comm="/usr/libexec/gdm-wayland-session gnome-session" label="system_>
sept. 16 19:24:06 frama-pc /usr/libexec/gdm-wayland-session[1746]: dbus-daemon[1746]: [session uid=60581 pid=1746 pidfd=5] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
sept. 16 19:24:06 frama-pc gnome-session-i[1750]: Failed to upload environment to systemd: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
sept. 16 19:24:06 frama-pc gnome-session-i[1750]: Failed to check if unit gnome-session-wayland@gnome-login.target is active: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
                                                   
                                                   Module libblkid.so.1 from rpm util-linux-2.41.1-16.fc43.x86_64
                                                   Module libpcre2-8.so.0 from rpm pcre2-10.45-1.fc43.1.x86_64
                                                   Module libffi.so.8 from rpm libffi-3.5.1-2.fc43.x86_64
                                                   Module libselinux.so.1 from rpm libselinux-3.9-4.fc43.x86_64
                                                   Module libmount.so.1 from rpm util-linux-2.41.1-16.fc43.x86_64
                                                   Module libz.so.1 from rpm zlib-ng-2.2.5-1.fc43.x86_64
                                                   Module libgmodule-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libglib-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libgobject-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libgio-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Stack trace of thread 1701:
                                                   #0  0x00007f4ac48eaf03 g_log_structured_array (libglib-2.0.so.0 + 0x4bf03)
                                                   #1  0x00007f4ac48eb2dc g_log_default_handler (libglib-2.0.so.0 + 0x4c2dc)
                                                   #2  0x00007f4ac48e6027 g_logv (libglib-2.0.so.0 + 0x47027)
                                                   #3  0x00007f4ac48e63c3 g_log (libglib-2.0.so.0 + 0x473c3)
                                                   #4  0x00005605cbedd00e n/a (/cd/d7a7722db81fed9270a25471c890c7964d18a7903564cabb3226e952e24ec5.file + 0x100e)
                                                   #5  0x00007f4ac46825b5 __libc_start_call_main (libc.so.6 + 0x35b5)
                                                   #6  0x00007f4ac4682668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668)
                                                   #7  0x00005605cbedd655 n/a (/cd/d7a7722db81fed9270a25471c890c7964d18a7903564cabb3226e952e24ec5.file + 0x1655)
                                                   ELF object binary architecture: AMD x86-64
sept. 16 19:24:05 frama-pc systemd[1]: systemd-coredump@2-8193-1709_1710-0.service: Deactivated successfully.
sept. 16 19:24:05 frama-pc audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@2-8193-1709_1710-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 16 19:24:05 frama-pc audit[1662]: AUDIT1106 pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=? acct="gdm-greeter" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1 res=>
sept. 16 19:24:05 frama-pc audit[1662]: AUDIT1104 pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_permit acct="gdm-greeter" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1 r>
sept. 16 19:24:05 frama-pc gdm-launch-environment][1662]: pam_unix(gdm-launch-environment:session): session closed for user gdm-greeter
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: GdmDisplay: Session never registered, failing
sept. 16 19:24:05 frama-pc systemd[1]: session-c3.scope: Deactivated successfully.
sept. 16 19:24:05 frama-pc systemd-logind[1300]: Session c3 logged out. Waiting for processes to exit.
sept. 16 19:24:05 frama-pc systemd-logind[1300]: Removed session c3.
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: GdmDisplay: Session never registered, failing
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM unable to dlopen(/usr/lib64/security/pam_lastlog.so): /usr/lib64/security/pam_lastlog.so: Ne peut ouvrir le fichier d'objet partagé: Aucun fichier ou dossier de ce nom
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM adding faulty module: /usr/lib64/security/pam_lastlog.so
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1100 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/d>
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1101 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/t>
sept. 16 19:24:05 frama-pc audit: BPF prog-id=95 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=94 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=93 op=UNLOAD
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1103 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1>
sept. 16 19:24:06 frama-pc systemd[1]: Created slice user-60581.slice - User Slice of UID 60581.
sept. 16 19:24:06 frama-pc systemd[1]: Starting user-runtime-dir@60581.service - User Runtime Directory /run/user/60581...
sept. 16 19:24:06 frama-pc systemd-logind[1300]: New session 'c4' of user 'gdm-greeter-2' with class 'greeter' and type 'wayland'.
sept. 16 19:24:06 frama-pc systemd[1]: Finished user-runtime-dir@60581.service - User Runtime Directory /run/user/60581.
sept. 16 19:24:06 frama-pc audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@60581 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 16 19:24:06 frama-pc systemd[1]: Starting user@60581.service - User Manager for UID 60581...
sept. 16 19:24:06 frama-pc unix_chkpwd[1740]: could not obtain user info (gdm-greeter-2)
sept. 16 19:24:06 frama-pc unix_chkpwd[1741]: could not obtain user info (gdm-greeter-2)
sept. 16 19:24:06 frama-pc audit[1739]: AUDIT1101 pid=1739 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=? acct="gdm-greeter-2" exe="/usr/lib/systemd/systemd-executor" hostname=frama-pc addr=? terminal=/dev/tty1 res=failed'
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: PAM failed: Authentication service cannot retrieve authentication info
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: Failed to set up PAM session: Operation not permitted
sept. 16 19:24:06 frama-pc (systemd)[1739]: user@60581.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
sept. 16 19:24:06 frama-pc systemd[1]: user@60581.service: Main process exited, code=exited, status=224/PAM
sept. 16 19:24:06 frama-pc systemd[1]: user@60581.service: Failed with result 'exit-code'.
sept. 16 19:24:06 frama-pc systemd[1]: Failed to start user@60581.service - User Manager for UID 60581.
sept. 16 19:24:06 frama-pc audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@60581 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
sept. 16 19:24:06 frama-pc systemd[1]: Started session-c4.scope - Session c4 of User gdm-greeter-2.
sept. 16 19:24:06 frama-pc gdm-launch-environment][1722]: pam_unix(gdm-launch-environment:session): session opened for user gdm-greeter-2(uid=60581) by (uid=0)
sept. 16 19:24:06 frama-pc audit[1722]: AUDIT1105 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask acct="gdm-greeter-2" exe="/usr/libexec/gdm>
sept. 16 19:24:06 frama-pc /usr/libexec/gdm-wayland-session[1746]: dbus-daemon[1746]: [session uid=60581 pid=1746 pidfd=5] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=60581 pid=1743 comm="/usr/libexec/gdm-wayland-session gnome-session" label="system_>
sept. 16 19:24:06 frama-pc /usr/libexec/gdm-wayland-session[1746]: dbus-daemon[1746]: [session uid=60581 pid=1746 pidfd=5] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
sept. 16 19:24:06 frama-pc gnome-session-i[1750]: Failed to upload environment to systemd: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
sept. 16 19:24:06 frama-pc gnome-session-i[1750]: Failed to check if unit gnome-session-wayland@gnome-login.target is active: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
set mark: ...skipping...
                                                   
                                                   Module libblkid.so.1 from rpm util-linux-2.41.1-16.fc43.x86_64
                                                   Module libpcre2-8.so.0 from rpm pcre2-10.45-1.fc43.1.x86_64
                                                   Module libffi.so.8 from rpm libffi-3.5.1-2.fc43.x86_64
                                                   Module libselinux.so.1 from rpm libselinux-3.9-4.fc43.x86_64
                                                   Module libmount.so.1 from rpm util-linux-2.41.1-16.fc43.x86_64
                                                   Module libz.so.1 from rpm zlib-ng-2.2.5-1.fc43.x86_64
                                                   Module libgmodule-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libglib-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libgobject-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Module libgio-2.0.so.0 from rpm glib2-2.85.4-1.fc43.x86_64
                                                   Stack trace of thread 1701:
                                                   #0  0x00007f4ac48eaf03 g_log_structured_array (libglib-2.0.so.0 + 0x4bf03)
                                                   #1  0x00007f4ac48eb2dc g_log_default_handler (libglib-2.0.so.0 + 0x4c2dc)
                                                   #2  0x00007f4ac48e6027 g_logv (libglib-2.0.so.0 + 0x47027)
                                                   #3  0x00007f4ac48e63c3 g_log (libglib-2.0.so.0 + 0x473c3)
                                                   #4  0x00005605cbedd00e n/a (/cd/d7a7722db81fed9270a25471c890c7964d18a7903564cabb3226e952e24ec5.file + 0x100e)
                                                   #5  0x00007f4ac46825b5 __libc_start_call_main (libc.so.6 + 0x35b5)
                                                   #6  0x00007f4ac4682668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668)
                                                   #7  0x00005605cbedd655 n/a (/cd/d7a7722db81fed9270a25471c890c7964d18a7903564cabb3226e952e24ec5.file + 0x1655)
                                                   ELF object binary architecture: AMD x86-64
sept. 16 19:24:05 frama-pc systemd[1]: systemd-coredump@2-8193-1709_1710-0.service: Deactivated successfully.
sept. 16 19:24:05 frama-pc audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@2-8193-1709_1710-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 16 19:24:05 frama-pc audit[1662]: AUDIT1106 pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=? acct="gdm-greeter" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1 res=>
sept. 16 19:24:05 frama-pc audit[1662]: AUDIT1104 pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_permit acct="gdm-greeter" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/tty1 r>
sept. 16 19:24:05 frama-pc gdm-launch-environment][1662]: pam_unix(gdm-launch-environment:session): session closed for user gdm-greeter
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: GdmDisplay: Session never registered, failing
sept. 16 19:24:05 frama-pc systemd[1]: session-c3.scope: Deactivated successfully.
sept. 16 19:24:05 frama-pc systemd-logind[1300]: Session c3 logged out. Waiting for processes to exit.
sept. 16 19:24:05 frama-pc systemd-logind[1300]: Removed session c3.
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: GdmDisplay: Session never registered, failing
sept. 16 19:24:05 frama-pc gdm[1491]: Gdm: Child process -1694 was already dead.
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM unable to dlopen(/usr/lib64/security/pam_lastlog.so): /usr/lib64/security/pam_lastlog.so: Ne peut ouvrir le fichier d'objet partagé: Aucun fichier ou dossier de ce nom
sept. 16 19:24:05 frama-pc gdm-launch-environment][1722]: PAM adding faulty module: /usr/lib64/security/pam_lastlog.so
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1100 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/d>
sept. 16 19:24:05 frama-pc audit[1722]: AUDIT1101 pid=1722 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_permit acct="gdm-greeter-2" exe="/usr/libexec/gdm-session-worker" hostname=frama-pc addr=? terminal=/dev/t>
sept. 16 19:24:05 frama-pc audit: BPF prog-id=95 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=94 op=UNLOAD
sept. 16 19:24:05 frama-pc audit: BPF prog-id=93 op=UNLOAD

Should I report the issue? If so, where?

EDIT : I’m guessing it’s possible to regenerate /etc/pam.d/postlogin through authselect once booted on F43 so that the file may contain pam_lastlog2.so instead of pam_lastlog.so, but I don’t want to break my existing F42 deployment at the same time.

That sounds reasonable. Authselect should create backups automatically, but if you want to be extra certain, you could make your own backup with, for example, sudo cp -a /etc/authselect /etc/authselect.bak. Of course, you should set root’s password before you change anything and keep an extra VT open and signed-in with root so you can revert the changes if something doesn’t work.

I’m not sure I understand that statement. Are you saying that you have two different releases of Fedora Linux sharing the same /etc config files? I don’t think that sort of configuration would be supported.

I rebased a VM from F42 to F43 and I can confirm I have the same issue.

I have not edited the PAM config as far as I know.

To have a successful boot I had to boot with my pinned F42 deployment.

Run sudo authselect apply-changes.

Or sudo authselect enable-feature with-silent-lastlog to disable the lastlog feature.

This worked, but I had to edit the grub entry to successfully boot by adding a systemd.unit=multi-user.target because in the normal mode, I’m just presented with a black screen and no access to a TTY.

As far as I understand PAM, this is the default configuration that I had. I also tried to disable even the silent-lastlog without success.

I really think there is an issue with the atomic upgrade/rebase path for the PAM configuration. Tested the same upgrade with a Workstation update and it worked correctly.

You enable silent-lastlog to stop pam from calling the lastlog feature.

The update script should have called /usr/bin/authselect apply-changes, but perhaps that didn’t work in sllverblue. That should be considered a bug if that is the case.

Hi, please open a bug against authselect and make it a F43 release blocker.

Authselect currently applies new profile only inside the rpm scriptlet, which does not work on Silverblue or other ostree systems. I will switch it to systemd unit file that will run at boot.

Thanks for the details!

Bug opened at 2396016 – Authselect doesn't regenerate new profile with pam_lastlog2 support in Fedora Silverblue 43 and added as blocker bug.

Thanks. As a workaround, you can start lines with pam_lastlog in /etc/authselect/postlogin with -

session     optional                   pam_umask.so silent
session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
-session     [default=1]                pam_lastlog.so nowtmp silent
-session     optional                   pam_lastlog.so silent noupdate showfailed

do it on F42, then upgrade and then call `authselect apply-changes`. The minus at the beginning should make PAM ignore the missing module.

Or just remove it completely, that would be just:

session     optional                   pam_umask.so silent

Thanks, this worked. I ran it by SSHing in from a different machine.

For me this did not work at first, since authselect complained that I have no configuration.
So I had to call authselect select local --force first. After that I could run sudo authselect apply-changes. And with that it finally worked.

My assumption to why i had no profile is, that I only upgraded my system, but did not had a fresh install since at least 2018.

Btw, it affects also the regular Fedora version (possibly) upgraded for years: 2396016 – Authselect doesn't regenerate new profile with pam_lastlog2 support in Fedora Silverblue 43