2020-12-11

Upcoming PAM upgrade requires review of custom configurations

Void Linux currently packages PAM version 1.3.0 and, until today, a standard PAM configuration that requires the pam_tally and pam_lastlog authentication modules. The pam_tally module was deprecated in 1.4.0 and removed in 1.5.0, and the pam_lastlog module is no longer built for musl systems. The Void team plans to upgrade to PAM 1.5.1 by the end of the year.

For the upgraded PAM to function properly, any pam_tally (and, for musl users, pam_lastlog) requirements must be removed from the configuration files in /etc/pam.d. An updated pam-base package released today removes the pam_tally and pam_lastlog requirements from the standard configuration. If you have not modified the standard PAM configuration and have not enabled the XBPS keepconf option described in xbps.d(5), upgrading the pam-base package should be sufficient to adjust your configuration.

Whether or not you have modified the PAM configuration, please make sure to upgrade pam-base and confirm that no configuration files in /etc/pam.d contain references to the pam_tally module (and pam_lastlog on musl) before upgrading to PAM 1.5.1 when it becomes available.