Description of problem: The su command segfaults if I configure PAM to authenticate using Kerberos and provide an incorrect password. Version-Release number of selected component (if applicable): coreutils-5.97-11 How reproducible: Every time Steps to Reproduce: 1. Configure PAM as below. 2. su - someuser 3. Enter an incorrect password Actual results: Segmentation fault Expected results: The su utility should refuse to authenticate user and not segfault. Additional info: auth required /lib/security/$ISA/pam_env.so auth optional /lib/security/$ISA/pam_keyring.so auth sufficient /lib/security/$ISA/pam_unix.so use_first_pass auth [authinfo_unavail=ignore success=1 default=2] /lib/security/$ISA/pam_krb5.so use_first_pass auth required /lib/security/$ISA/pam_deny.so [...] If I remove the line for pam_krb5.so then su will not segfault. (gdb) run - mike Starting program: /bin/su - mike [Thread debugging using libthread_db enabled] [New Thread 805494224 (LWP 2555)] Error while reading shared library symbols: Cannot find new threads: generic error Password: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 805494224 (LWP 2555)] 0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0 (gdb) ba #0 0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0 #1 0x07fd55d8 in pam_authenticate () from /lib/libpam.so.0 #2 0x08003838 in main (argc=3, argv=0x7f8d54b4) at su.c:364 #3 0x07dc0d4c in generic_start_main () from /lib/libc.so.6 #4 0x07dc0f74 in __libc_start_main () from /lib/libc.so.6 #5 0x00000000 in ?? () (gdb)
If all you've changed is the pam config then it sounds like a pam_krb5 bug. Reassigning..
Is this a bug in the pam library instead? I have used [authinfo_unavail=ignore success=1 default=2], however, there is not enough auth modules listed to jump down two levels in the stack. I realize that this configuration is not quite right. However, su certainly should not segfault!
su isn't -- pam_krb5.so (which it dynamically loads) is, from the sound of it.
This is fixed in Linux-PAM-0.99.10.0 which is in rawhide.