Red Hat Bugzilla – Bug 136760
latest rawhide pam kills krb+ldap logins
Last modified: 2007-11-30 17:10:52 EST
On a rawhide system that uses krb for passwords and ldap for group
info login does not work wirh pam 0.77-65
(logs show krb5 passwd works, id on the user works for root, but login
fails with "can not retrieve auth info")
Reverting to FC2 pam+authconfig fixes the problem
Could you please try pam+authconfig from FC3test1 and FC3test2?
Won't have the time to do it before monday;(
Though the rawhide box is regularly synched, and worked two days ago,
to I suppose the breakage is fairly recent and the FC3Tests should all
Now I know the cause - it happened in pam-0.77-58
As I suspected the FC3T3 login stack works. So pam-0.77-58 is not the
-rw-r--r-- 1 root root 259456 oct 4 19:17 authconfig-4.6.5-1.i386.rpm
-rw-r--r-- 1 root root 35644 oct 4 19:17
-rw-r--r-- 1 root root 1904160 sep 29 20:24 pam-0.77-60.i386.rpm
-rw-r--r-- 1 root root 80804 sep 29 20:24 pam-devel-0.77-60.i386.rpm
I'm sorry but I cannot reproduce it here. (I've setup krb5
authentication with ldap account info and I can successfully log in
using that configuration with users which aren't or are in /etc/passwd).
And if I look at the changes between pam-0.77-60 and pam-0.77-65 there
were virtually no changes which could affect this.
Well there is an authconfig version change too since FC3T3 so the bug
might be there not in pam.
Anyway the problem is 100% reproductible. Just tell me what tests you
want me to run and I'll do them (when I have access to the system ie
during french business hours)
Login failure messages with rawhide pam :
Oct 25 13:43:03 ulysse login(pam_unix): authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Oct 25 13:43:03 ulysse login: pam_krb5: authentication
succeeds for 'nim' (nim@OLYMPE.O2T)
Oct 25 13:43:03 ulysse login: Authentication service cannot
retrieve authentication info.
[nim@ulysse ~]$ id nim
uid=500(nim) gid=500(nim) groupes=500(nim),400(one2team),401(cvs),407(sys)
Please attach your /etc/pam.d/system-auth and login files.
Also can you add debug option to the pam_stack module calls in the
/etc/pam.d/login and add line:
to the /etc/syslog.conf and rerun the test with the failing packages
and attach the debug log file?
Created attachment 105718 [details]
Created attachment 105719 [details]
Created attachment 105720 [details]
After testing your rpms pam-0.77-62 works, pam-0.77-63 and later - not
So I fixed a bug and it revealed another bug (this time in the pam
configuration) - could you reupgrade to pam-0.77-65 and add
broken_shadow option to the account line of pam_unix module?
If it helps I'll change authconfig to add this option when using
configuration like yours.
Thank you for the testing.
Additional Comment #7 From Nicolas Mailhot
(Nicolas.Mailhot@laPoste.net) on 2004-10-27 06:26 -------
account required /lib/security/$ISA/pam_unix.so broken_shadow
the rawhide login stack works. Thanks !
(not closing since the packages are not fixed yet)
This is fixed in FC3 and RHEL4 packages.
*** Bug 142820 has been marked as a duplicate of this bug. ***