+++ This bug was initially created as a clone of Bug #57954 +++ Making use of the UCR variable `auth/faillog` adds the pam_tally module to the PAM configuration on 5.0 systems. The pam_tally and pam_tally2 modules have been removed on 5.2. Upgrades from 5.0 to 5.2 fail if there are references to these modules in the PAM configuration. This bug is about investigating the underlying reason and allowing update with auth/faillog set to true.
Error message (reported here: https://help.univention.com/t/upgrade-to-5-2-issues-with-libpam-modules-and-activated-auth-faillog/23837/2): Preparing to unpack .../libpam-modules_1.4.0-9+deb11u1A~5.1.0.202303221546_amd64.deb ... Configuring libpam-modules -------------------------- you are using pam_tally or pam_tally2 in your configuration The pam_tally and pam_tally2 modules have been removed from PAM. You are using one of these modules in your PAM configuration in /etc/pam.d. You must remove the uses of these modules before PAM can be upgraded; including these modules in your PAM configuration after the upgrade will stop users from being able to log into the system. Consider the pam_faillock module as a replacement for pam_tally. dpkg: error processing archive /var/cache/apt/archives/libpam-modules_1.4.0-9+deb11u1A~5.1.0.202303221546_amd64.deb (--unpack): new libpam-modules:amd64 package pre-installation script subprocess returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/libpam-modules_1.4.0-9+deb11u1A~5.1.0.202303221546_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) Error: Failed to execute "apt-get -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite -o DPkg::Options::=--force-overwrite-dir --trivial-only=no --assume-yes --quiet=1 dist-upgrade" exitcode of univention-updater: 1 ERROR: update failed. Please check /var/log/univention/updater.log