Bug 129328
Summary: | PAM critical error while logging in via ssh | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Brian Bruns <bruns> | ||||||||
Component: | pam | Assignee: | Tomas Mraz <tmraz> | ||||||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | rawhide | CC: | redhat-bugzilla, t8m | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2004-10-14 11:32:25 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 123268 | ||||||||||
Attachments: |
|
Description
Brian Bruns
2004-08-06 15:20:00 UTC
Seems to be a general SELinux problem (if pam is build against SELinux), because in a non-SELinux environment I'm not able to reproduce it. Bug still exists in latest pam packages, and openssh packages as of today. I've gone over our SELinux config multiple times, relabeled the system completely. The machine is running the latest 2.6.8.1 kernel with SELinux options turned on. Please let me know if you need any specific debugging output, etc, and how to get them, and I will be more then happy to provide them. I managed to narrow it down to pam-0.77-grubb_leak.patch as the cause of the pam_setcred errors When built without that patch, everything functions as expected with no login problems. Could you please post here contents of your /etc/pam.d/sshd and system-auth files? Also could you please try latest pam and openssh packages from Fedora Development? Created attachment 103832 [details]
sshd file for pam
Created attachment 103833 [details]
system-auth file for pam
I'm using pam-0.77-55 and openssh-3.9p1-3, which are from what I see, both the latest (I've got -55 running right now without the grubb_leak patch, but have tried it with the patch too, and same problem). Created attachment 103944 [details]
This should fix it
This patch should probably fix it for you, but I still don't know why it fails
only for you Brian and nobody else.
The problem is that this return value is normally ignored by the processing but
in your case it isn't and I don't know why. Also I'm not sure what's more
correct behaviour - to ignore the value or not.
Has the patch fixed it for you Brian? Sorry, have been away for the past few days. Yes, the patch does fix the problem and I am able to login without seeing the error in the logs. Problem appears to be fixed in pam-0.77-59. From the changelog: * Thu Sep 23 2004 Phil Knirsch <pknirsch> 0.77-59 - Fixed bug in pam_env where wrong initializer was used And it appears that pam-0.77-defaultconf.patch is what the change was. I've seen the same problem with rlogin to machine running FC3 test2, although ssh login worked in my case. In any case, updating to pam-0.77-59 has fixed the problem. Yes, but pam-0.77-60 will unfix it again as the fix wasn't exactly right. The easiest workaround is to touch /etc/environment file. I've added the attached patch to pam-0.77-61 so it shouldn't be necessary to ship the /etc/environment file. |