Bug 1685610

Summary: nslcd aborts when rhost is large and UseDNS is true
Product: Red Hat Enterprise Linux 7 Reporter: John Jasen <jjasen>
Component: nss-pam-ldapdAssignee: Tomas Halman <thalman>
Status: CLOSED ERRATA QA Contact: Filip Dvorak <fdvorak>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.7CC: jhrozek
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard: sync-to-jira
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-29 20:12:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Jasen 2019-03-05 16:16:51 UTC 
Description of problem:
remote DNS entry exceeds 63 characters, resulting in nslcd errors such as:

nslcd[6080]: [04f329] client supplied argument 6 bytes too large
sshd[9868]: pam_ldap(sshd:account): error reading from nslcd: Connection reset by peer

Version-Release number of selected component (if applicable):
nss-pam-ldapd-0.8.13-16.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. set a long name in DNS for the client host
2. enable UseDNS on the ssh server
3. ssh from verylongfqdnname to ssh server

Actual results:
sshd[1773]: error: PAM: User account has expired for USERNAME from VERYLONGFQDNNAME

Expected results:
successful login

Additional info:
Comment 2 John Jasen 2019-03-05 16:25:52 UTC 
See Debian bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890508
Comment 3 Jakub Hrozek 2019-08-26 12:08:38 UTC 
This seems to have been fixed in https://github.com/arthurdejong/nss-pam-ldapd/commit/c05e3265b7f62b83937f204119555c6a73f29b29 which looks easy enough to backport.
Comment 9 errata-xmlrpc 2020-09-29 20:12:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nss-pam-ldapd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3969