https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c Andreas Jaeger changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |kukuk@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c2 Jon Nelson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|jnelson-suse@jamponi.net | --- Comment #2 from Jon Nelson 2013-03-05 19:19:52 UTC --- I did not modify that file for sure. This is on a fresh install. I checked /etc/login.def* and there is only /etc/login.defs, no .rpmnew or .rpmsave, etc... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c Jiří Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c5 Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|kukuk@suse.com | --- Comment #5 from Thorsten Kukuk 2013-03-06 16:07:21 UTC --- (In reply to comment #4)

It is true YaST writes "" for LASTLOG_ENAB, but why is not LASTLOG_ENAB defined in installed /etc/login.defs before?

8 years ago it was decided (I think the request did come from somebody from the security team, but my notes don't go back so far anymore) that LASTLOG_ENAB is a bad idea since it was only used by /bin/login and nothing else, and that we should use pam_lastlog.so instead, so that all tools can use it. The old tools ignored syntax errors, the new tools now aborts, that's why it did not show up earlier. But in any case, YaST should never add new variables to config files, especially not with an empty value, except the user/sysadmin explicit enables this option somewhere ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c7 --- Comment #7 from Thorsten Kukuk 2013-03-06 22:27:36 UTC --- (In reply to comment #6)

Still: if LASTLOG_ENAB is not even present in fresh /etc/login.defs and because it is bad idea itself, should YaST offer its configuration? Shouldn't we drop it completly?

Sorry, misunderstand you: we should not offer it, since nobody uses this variable anymore. So drop completly. And we should check at some point (before SLE12) which variables YaST else uses and if they are still valid. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c9 Jiří Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #9 from Jiří Suchomel 2013-03-08 07:37:53 UTC --- Hm, so the fix did not make it to openSUSE 12.3 And simply releasing yast2-security for online update won't fix it: current fix means that LASTLOG_ENAB is dropped and that yast2-security won't write new config file variables. Thorsten, how severe is the problem? This looks like all 12.3 users will have that broken line in their login.defs. Maybe we can fix it by some rpm script, that would just look for such line in /etc/login.defs and remove it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c10 Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED CC| |coolo@suse.com InfoProvider|kukuk@suse.com | --- Comment #10 from Thorsten Kukuk 2013-03-08 08:21:00 UTC --- (In reply to comment #9)

Thorsten, how severe is the problem? This looks like all 12.3 users will have that broken line in their login.defs.

I would assume that at least all users which use the default "automatical configuration" cannot create users/groups after a fresh installation. I had always disabled that option and didn't saw the problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c Jiří Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED CC| |security-team@suse.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c13 --- Comment #13 from Jiří Suchomel 2013-03-08 12:53:47 UTC --- OK, I've just tested with 12.3 GM: - /etc/login.defs is not broken every time, just when yast2 Security is written. This happens for example when changing password encryption in Users module - even with LASTLOG_ENAB = "" present, useradd can add new user (but it reports error). I guess friend tools act alike. - adding users with YaST is not affected, as expected -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c15 --- Comment #15 from Jiří Suchomel 2013-03-08 13:59:14 UTC --- Created an attachment (id=528911) --> (http://bugzilla.novell.com/attachment.cgi?id=528911) patch for yast2-security -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c17 Jiří Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #17 from Jiří Suchomel 2013-03-12 12:17:00 UTC --- I hope this is it:

osc maintenancerequest home:jsuchome:12.3 yast2-security openSUSE:12.3 Using target project 'openSUSE:Maintenance' 158659

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c19 --- Comment #19 from Swamp Workflow Management 2013-03-18 16:04:49 UTC --- openSUSE-RU-2013:0474-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 802006,807099 CVE References: Sources used: openSUSE 12.3 (src): yast2-security-2.23.5-1.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c21 --- Comment #21 from Peter Linnell 2013-10-13 05:04:44 UTC --- Yast2 is leaving LASTLOG_ENAB "" in /etc/login.defs which is causing error messages -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c23 Axel Braun changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED CC| |axel.braun@gmx.de InfoProvider|plinnell@suse.com | --- Comment #23 from Axel Braun 2013-11-03 19:18:08 UTC --- Today I did a new installation of 12.3x64 in a virtualbox, all patches applied Right afterwards I installed trytond (see http://code.google.com/p/tryton/wiki/InstallationonopenSUSE ) via zypper, during which a group and user-add should take place. Result: (25/37) Installation von: trytond-2.8.3-5.1 ........................................................................[fertig] Zusätzliche rpm-Ausgabe: configuration error - unknown item 'LASTLOG_ENAB' (notify administrator) configuration error - unknown item 'LASTLOG_ENAB' (notify administrator) I have no /etc/login.defs.rpmnew or similar. User and group were created properly. Any information I can provide? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c25 --- Comment #25 from Jiří Suchomel 2014-01-07 13:42:32 UTC --- Any news? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807099 https://bugzilla.novell.com/show_bug.cgi?id=807099#c27 --- Comment #27 from Jiří Suchomel 2014-03-20 08:26:26 UTC --- ping... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.