On a rawhide system that uses krb for passwords and ldap for group info login does not work wirh pam 0.77-65 (logs show krb5 passwd works, id on the user works for root, but login fails with "can not retrieve auth info") Reverting to FC2 pam+authconfig fixes the problem
Could you please try pam+authconfig from FC3test1 and FC3test2?
Won't have the time to do it before monday;( Though the rawhide box is regularly synched, and worked two days ago, to I suppose the breakage is fairly recent and the FC3Tests should all work
Now I know the cause - it happened in pam-0.77-58
As I suspected the FC3T3 login stack works. So pam-0.77-58 is not the culprit -rw-r--r-- 1 root root 259456 oct 4 19:17 authconfig-4.6.5-1.i386.rpm -rw-r--r-- 1 root root 35644 oct 4 19:17 authconfig-gtk-4.6.5-1.i386.rpm -rw-r--r-- 1 root root 1904160 sep 29 20:24 pam-0.77-60.i386.rpm -rw-r--r-- 1 root root 80804 sep 29 20:24 pam-devel-0.77-60.i386.rpm
I'm sorry but I cannot reproduce it here. (I've setup krb5 authentication with ldap account info and I can successfully log in using that configuration with users which aren't or are in /etc/passwd). And if I look at the changes between pam-0.77-60 and pam-0.77-65 there were virtually no changes which could affect this.
Well there is an authconfig version change too since FC3T3 so the bug might be there not in pam. Anyway the problem is 100% reproductible. Just tell me what tests you want me to run and I'll do them (when I have access to the system ie during french business hours)
Login failure messages with rawhide pam : Oct 25 13:43:03 ulysse login(pam_unix)[25677]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= Oct 25 13:43:03 ulysse login[25677]: pam_krb5[25677]: authentication succeeds for 'nim' (nim) Oct 25 13:43:03 ulysse login[25677]: Authentication service cannot retrieve authentication info. [nim@ulysse ~]$ id nim uid=500(nim) gid=500(nim) groupes=500(nim),400(one2team),401(cvs),407(sys)
Please attach your /etc/pam.d/system-auth and login files. Also can you add debug option to the pam_stack module calls in the /etc/pam.d/login and add line: *.=debug /var/log/debug to the /etc/syslog.conf and rerun the test with the failing packages and attach the debug log file? Thank you.
Created attachment 105718 [details] login
Created attachment 105719 [details] system-auth
Created attachment 105720 [details] debug traces
After testing your rpms pam-0.77-62 works, pam-0.77-63 and later - not
Bingo! So I fixed a bug and it revealed another bug (this time in the pam configuration) - could you reupgrade to pam-0.77-65 and add broken_shadow option to the account line of pam_unix module? If it helps I'll change authconfig to add this option when using configuration like yours. Thank you for the testing.
Additional Comment #7 From Nicolas Mailhot (Nicolas.Mailhot) on 2004-10-27 06:26 ------- With account required /lib/security/$ISA/pam_unix.so broken_shadow in /etc/pam.d/system-auth the rawhide login stack works. Thanks ! (not closing since the packages are not fixed yet)
This is fixed in FC3 and RHEL4 packages.
*** Bug 142820 has been marked as a duplicate of this bug. ***