Description of problem:
This is a continuation of bug #139956. That was closed NOTABUG, but on further experimentation I am convinced there is something wrong with authd's handling of IPv6 mapped connections. It seems to work fine when invoked manually, but it does NOT find the connections when invoked via xinetd.

Version-Release number of selected component (if applicable):
authd-1.4.3-1

How reproducible:
100%

Steps to Reproduce:
1. Set up a loopback connection with, e.g., telnet 127.0.0.1

2. Use lsof or your favorite tool to determine local and remote port numbers. Here I got 37493,23.

3. Interactive invocation of authd works, and so does xinetd:

$ /usr/sbin/in.authd --xerror --os
37493,23
37493 , 23 : USERID : Linux :tgl
$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37493,23
37493 , 23 : USERID : Linux :tgl
Connection closed by foreign host.

4. Now try it with IPv6: telnet ::ffff:127.0.0.1

5. Again determine port numbers; I got 37495,23.

6. Interactive invocation works:

$ /usr/sbin/in.authd --xerror --os
37495,23
37495 , 23 : USERID : Linux :tgl

(But shouldn't this *fail*, since I didn't use --mapped??)

7. Through xinetd, no go:

$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37495,23
37495 , 23 : ERROR :NO-USER
Connection closed by foreign host.

8. Also, it takes about five seconds for the above response to come back, which seems way too long.

Here's my xinetd config file (and yes, I did sighup xinetd):

$ cat /etc/xinetd.d/auth
# default: on
# description: The authd server handles ident protocol requests. \
# The Identification Protocol (a.k.a., "ident", a.k.a., "the Ident \
# Protocol") provides a means to determine the identity of a user of a \
# particular TCP connection. Given a TCP port number pair, it returns \
# a character string which identifies the owner of that connection on \
# the server's system. UNDERSTAND THE RISKS REGARDING PRIVACY (I.E. \
# SPAM HARVESTERS) BEFORE RUNNING THIS DAEMON WITH NO ARGUMENTS.
service auth
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = ident
        cps             = 4096 10
        instances       = UNLIMITED
        server          = /usr/sbin/in.authd
        server_args     = -t60 --xerror --os --mapped=::ffff:0.0.0.0
}

Actual results:
Net result is that a service cannot identify local users if they specify ::ffff:127.0.0.1 when connecting.

Expected results:
Should work ...

Additional info:

This bug is still present in FC4.
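
For checking by hand which kernel socket-table row an IPv4-mapped connection such as the one in step 4 produces, here is an added example (not part of the original report and not authd's code) that decodes rows in the Linux /proc/net/tcp6 layout and looks up an ident port pair. The sample rows, uid 500 and the inode numbers are constructed, and the decoder assumes a little-endian host.

```python
import ipaddress

# Constructed rows in Linux /proc/net/tcp6 layout (not captured from the
# reporter's machine); uid 500 and the inode numbers are made up.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0017 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0000000000000000FFFF00000100007F:9277 0000000000000000FFFF00000100007F:0017 01 00000000:00000000 00:00000000 00000000   500        0 1002
   2: 0000000000000000FFFF00000100007F:0017 0000000000000000FFFF00000100007F:9277 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (ip_address, port).

    Assumption: little-endian host, where the kernel prints each 32-bit
    word of the address byte-swapped, so every 8-hex-digit group is reversed.
    """
    hexaddr, hexport = field.split(":")
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1]
                   for i in range(0, len(hexaddr), 8))
    return ipaddress.ip_address(raw), int(hexport, 16)


def parse_table(text):
    """Yield (local, remote, uid) for each socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 8:
            continue  # blank or truncated row
        yield decode_endpoint(cols[1]), decode_endpoint(cols[2]), int(cols[7])


def find_owner(text, local_port, remote_port):
    """Look up an ident-style port pair 'local_port,remote_port'.

    Returns (uid, mapped_ipv4) where mapped_ipv4 is the embedded IPv4
    address as a string if the local address is ::ffff:a.b.c.d, else None.
    Returns None when no row matches the pair.
    """
    for (lip, lport), (_rip, rport), uid in parse_table(text):
        if (lport, rport) == (local_port, remote_port):
            v4 = lip.ipv4_mapped if lip.version == 6 else None
            return uid, (str(v4) if v4 is not None else None)
    return None


if __name__ == "__main__":
    print(find_owner(SAMPLE_TCP6, 37495, 23))
```

On a live system, pass the contents of /proc/net/tcp6 (and /proc/net/tcp for plain IPv4 sockets) instead of the constructed sample.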