Bug 1425790
| Summary: | Unable to authenticate with 64 character password using nss-pam-ldapd | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Andrey Bondarenko <abondare> | |
| Component: | nss-pam-ldapd | Assignee: | Jakub Hrozek <jhrozek> | |
| Status: | CLOSED ERRATA | QA Contact: | Martin Zelený <mzeleny> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.3 | CC: | jhrozek, minyu, mzeleny, pkis | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | nss-pam-ldapd-0.8.13-12.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1773506 (view as bug list) | Environment: | ||
| Last Closed: | 2018-04-10 17:24:59 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1420851, 1773506 | |||
*** Bug 1536135 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0935 |
Description of problem: A user with a 64 character password fails when trying to authenticate. /var/log/messages: Feb 21 10:07:40 new1 sudo: pam_ldap(sudo-i:auth): error reading from nslcd: Connection reset by peer Feb 21 10:07:43 new1 sudo: pam_ldap(sudo-i:auth): error reading from nslcd: Connection reset by peer Feb 21 10:07:46 new1 sudo: pam_ldap(sudo-i:auth): error reading from nslcd: Connection reset by peer Running nslcd in debug mode: [root@new1 ~]# nslcd -d nslcd: DEBUG: add_uri(ldaps://authentication2.host.net/) nslcd: DEBUG: add_uri(ldaps://authentication1.host.net/) nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,"/etc/openldap/cacerts") nslcd: version 0.8.13 starting nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory nslcd: DEBUG: initgroups("nslcd",55) done nslcd: DEBUG: setgid(55) done nslcd: DEBUG: setuid(65) done nslcd: accepting connections nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [8b4567] DEBUG: connection from pid=18320 uid=0 gid=600 nslcd: [8b4567] client supplied argument 1 bytes too large Version-Release number of selected component (if applicable): nss-pam-ldapd-0.8.13-8.el7.x86_64 How reproducible: Have user with 64 characters in password. Steps to Reproduce: 1. Configure system to use nslcd for the auth 2. Set up user with password longer then 64 chars 3. Try auth Actual results: fail Expected results: authentication Additional info: In 5 and 6 not reproducible.