Description of problem: The cupsd segfaults after I connect to it using an Internet browser and provide it my authentication credentials. My system uses Kerberos for authentication and LDAP for network information. Version-Release number of selected component (if applicable): cups-1.1.23-30.2 pam-0.99.3.0-2 How reproducible: Every time Steps to Reproduce: 1. Install cups-debuginfo and pam-debuginfo. 2. Ensure cupsd is not running 3. gdb cupsd 4. gdb> run -f 5. Use a Internet browser to connect to cups (i.e.: http://localhost:631) 6. Select "Do Administration Tasks" and authenticate Actual results: Cups crashes with the following backtrace: #0 0x001e2e07 in pam_sm_acct_mgmt (pamh=0x81d3010, flags=32768, argc=0, argv=0x0) at pam_access.c:438 #1 0x004cc99f in _pam_dispatch (pamh=0x81d3010, flags=32768, choice=3) at pam_dispatch.c:84 #2 0x004cc0a3 in pam_acct_mgmt (pamh=0x81d3010, flags=32768) at pam_account.c:20 #3 0x009ee1cf in IsAuthorized (con=0xb7cb3008) at auth.c:1079 #4 0x009f52f3 in ReadClient (con=0xb7cb3008) at client.c:1224 #5 0x00a00c12 in main (argc=2, argv=0xbfed4b34) at main.c:781 Expected results: Additional info: My /etc/pam.d/system-auth is as follows: auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account required /lib/security/$ISA/pam_access.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account sufficient /lib/security/$ISA/pam_krb5.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_krb5.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so
If you comment out this line: account required /lib/security/$ISA/pam_access.so by putting a '#' character before 'account', does that work around the problem?
Yes, disabling pam_access fixes the symptoms.
Changing component to pam and reassigning.
Already fixed in devel, I will probably update FC5 pam to 0.99.4.0 as well soon.
I can confirm that 0.99.4.0 from Raw Hide seems to fix this problem for me.