Bug 378201
Summary: | sigsegv when using libpam-passthrou-plugin and pamSecure FALSE | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Giuseppe Paterno <gpaterno> | ||||
Component: | Server - Plugins | Assignee: | Rich Megginson <rmeggins> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 1.1.0 | CC: | benl, ssorce | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-03-25 20:02:08 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Giuseppe Paterno
2007-11-12 16:28:43 UTC
Created attachment 255401 [details]
Strace of the sigsegv
Can you also paste your /etc/nsswitch.conf? It looks like you are using nss_ldap somewhere along the way. There is a big problem with using nss_ldap in the directory server or admin server process - the mozldap libraries we use are not binary compatible with the openldap ones. So either nss_ldap is making an ldap api call with the mozldap library, or the directory server is attempting to use the openldap library. Indeed I'm using LDAP in nsswitch, as I've got the server configured also as a client (testing FreeIPA).Below nsswitch.conf: ------------------------------------------------------------------------ passwd: files ldap shadow: files ldap group: files ldap #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files ldap publickey: nisplus automount: files ldap aliases: files nisplus ------------------------------------------------------------------------ Your thoughts make sense to me, altough I do believe that libpam should use pam framework that in turns makes the openldap call..... My aim is to have the DS authenticate bind requests against kerberos. If you have some suggestions, feel free to contact me in private. Thanks. > My aim is to have the DS authenticate bind requests against kerberos.
> If you have some suggestions, feel free to contact me in private. Thanks.
You mean, have the DS authenticate simple bind (username/password) requests
against kerberos? That's what the pam passthru plugin was designed for. I know
it works if you do not use ldap in /etc/nsswitch.conf or in your pam stack.
This is how Red Hat uses Red Hat Dir. Srv. internally. Simo and I discussed the
pam_ldap/nss_ldap issue yesterday on IRC - he is trying to figure out how to
solve this problem for freeipa. He may have some more info.
Is this still a problem? The core dump should be fixed in the next release of Fedora DS. Please reopen if appropriate. |