# [solved]After USE=-pam, I can't log in

## Irre

It is not possible for me to log in to my server after I rebuilt world!   :Twisted Evil: 

ssh 192.168.1.6

Permission denied (publickey,keyboard-interactive).

Edit: Solved, I managed to connect a monitor and keyboard...Last edited by Irre on Wed Oct 16, 2019 10:19 pm; edited 1 time in total

----------

## asturm

But why did you do that?

----------

## mike155

Irre, developers wanted to remove the package 'virtual/pam'. They didn't want users to remove pam or the USE flag 'pam'.   :Shocked: 

See: https://bugs.gentoo.org/683284

Unfortunately, they forgot to tell users that they may run into trouble after they delete 'virtual/pam' - because some packages can still depend on 'virtual/pam'. 

There's an easy solution: all packages that still depend on 'virtual/pam' must be rebuilt. For example, I had to run 'emerge --oneshot shadow systemd' on my machines.

I really wish developers had written a NEWS item.Last edited by mike155 on Wed Oct 16, 2019 7:56 pm; edited 3 times in total

----------

## Irre

 *asturm wrote:*   

> But why did you do that?

 Because I thought pam was obsolete since virtual/pam was masked...

----------

## Irre

Thank you for information. I can shutdown via a power switch. Then I try to identify what files to restore...

----------

## Tony0945

see https://forums.gentoo.org/viewtopic-p-8379672.html#8379672

Not mentioned, but I also had to edit /etc/ssh/sshd_config on my server  to permit keyboard authentication.

----------

## Hu

 *mike155 wrote:*   

> Unfortunately, they forgot to tell users that they may run into trouble after they delete 'virtual/pam' - because some packages can still depend on 'virtual/pam'. 

 Unmerging virtual/pam should be completely safe, because it does not own any files.  Unmerging it might then allow you to unmerge an actual PAM implementation that was needed - but that is only a problem if the administrator uses emerge --depclean, ignores that it is removing the real PAM, and has not installed any package versions that directly depend on the real PAM.

----------

## Tony0945

Also set UsePAM to "no" in /etc/ssh/sshd_config

Hu:

Stable users can't just remove virtual/pam because packages depend on it. Devs should issue an "r" release to change the dependency to sys-libs/pam

Or just set USE=-pam globally IF not using multi-seat which includes almost all desktop and laptop owners.

This per forum discussions circa 2004 that I found while googling.

```
~ # equery d virtual/pam

 * These packages depend on virtual/pam:

net-fs/samba-4.5.16-r1 (pam ? virtual/pam)

sys-process/cronie-1.5.4 (pam ? virtual/pam)

x11-apps/xdm-1.1.11-r4 (pam ? virtual/pam)

```

----------

## Irre

 *Tony0945 wrote:*   

> Also set UsePAM to "no" in /etc/ssh/sshd_config
> 
> 

 

I missed that.   :Smile: 

----------

## Hu

Yes, Portage might complain about removing the virtual if you use --depclean and have not rebuilt all the consuming packages (or if some consuming packages have not been updated).  However, if you use --unmerge, it will obey you, and it should not break anything because the virtual owns no files.  Removing sys-libs/pam could definitely break things, if you have not updated the consuming packages not to use it.

----------

