[gentoo-user] Warning: Do not update PAM on ~amd64

[Andreas Fink]

Hello,
I've noticed a problem with the current PAM update to
sys-libs/pam-1.4.0.

The update adds passwdqc USE to sys-auth/pambase, which pulls in
sys-auth/passwdqc. However sys-auth/passwdqc fails to build on my
system, and leaves me with an installed sys-libs/pam-1.4.0 which is
broken and does not allow any new login.
The end result is that sys-libs/pam-1.4.0 was successfully merged but
sys-auth/pambase will not be merged, due to a build failure in passwdqc.
Disabling the USE flag passwdqc for pambase allows an update to pambase
too, and logins work again.

 

This is a warning to anyone out there who updates daily and runs an
~amd64.

 

One system that I updated and restarted, I cannot login to it anymore
(or ssh into it). Another system that I updated and currently am
writing from, I'm still logged in after the broken update. and I can
see the following error message (before disabling the USE flag passwdqc
for the package pambase):
PAM unable to dlopen(/lib64/security/pam_cracklib.so): /lib64/security/pam_cracklib.so: cannot open shared object file: No such file or directory
PAM adding faulty module: /lib64/security/pam_cracklib.so

 

After doing a
USE=-passwdqc emerge -a1 pambase
the error messages disappear from the system logs and I am able to
login to my machine again. However if you reboot with the broken state
you will have a hard time updating it, since you cannot login to your
machine anymore and need a chroot from a live system.

 

The bug report for passwdqc is here:
https://bugs.gentoo.org/728528

 

Cheers
Andreas