Bug 106539 - su root fails with pam_ldap authentification
su root fails with pam_ldap authentification
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: nss_ldap (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks: CambridgeBlocker
  Show dependency treegraph
 
Reported: 2003-10-08 02:25 EDT by Herbert Gasiorowski
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-12 10:31:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Herbert Gasiorowski 2003-10-08 02:25:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312

Description of problem:
I have installed fedora 0.94 using kickstart and ldap authentification
(auth --useshadow --enableldap --enableldapauth ...)

Now I cannot "su" to root!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.su
    

Actual Results:
Password: ********
su: ../../../libraries/libldap/unbind.c:40: ldap_unbind_ext: Assertion `(
(ld)->ld_options.ldo_valid == 0x2 )' failed.
su: ../../../libraries/libldap/unbind.c:40: ldap_unbind_ext: Assertion `(
(ld)->ld_options.ldo_valid == 0x2 )' failed.
Aborted


Expected Results:  successfull login to root


Additional info:

Ldap User Login works for both ssh and su
but for root only via ssh (root is a local account in passwd/shadow).

If I switch to nis (via redhat-config-authentication ) it works again.
Switching back to ldap - it fails again.
Comment 1 Herbert Gasiorowski 2003-10-10 04:05:46 EDT
Besides "su root" I do not have access to ldap hosts entries
  nsswitch.conf: "hosts: files dns ldap"
Host resolving will not return (within one minute or so)!

(Other ldap queries work: passwd,group,netgroup,automount)

Maybe this is the same Problem ...
Comment 2 Herbert Gasiorowski 2003-10-14 09:15:22 EDT
"su root" will not work with Fedora 0.95 either.

But after using the nss_ldap version of /etc/pam.d/su
all seems to work as expected:
   cp /usr/share/doc/nss_ldap-207/pam.d/su /etc/pam.d
Comment 4 John Thacker 2006-10-29 17:50:38 EST
[This is a mass update sent to many bugs that missed earlier such messages due
to having their version set to a test version.]

This bug was originally filed against a version of Fedora Core which is no
longer supported, even for security updates.  Many changes have occured since
then.  Please retest this bug against a still supported version.  Note that FC3
and FC4 are supported by Fedora Legacy for security fixes only.  If
it still occurs on FC5 or FC6, please assign to the correct
version.  Otherwise, if this a security issue, please change the
product to Fedora Legacy.  Thanks, and we are sorry that we did not
get to this bug earlier.

This bug will be closed after a few weeks if no information is given indicating
that the bug is still present in a supported release.
Comment 5 John Thacker 2007-01-12 10:31:52 EST
Closing per lack of response to previous request for information.
This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.

Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only.  Please install a still supported version and retest.  If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version.  Otherwise, if this a security issue, please change the
product to Fedora Legacy.  Thanks, and we are sorry that we did not
get to this bug earlier.

Note You need to log in before you can comment on or make changes to this bug.