Description of problem: If the namespace.conf file includes in the list of user accounts to not polyinstantiate an account that doesn't exist, pam_namespace.so will fail and no users can log in. Version-Release number of selected component (if applicable): It was seen in pam-0.99.6.2-3.14.el5 but I believe the problem still exists in the latest code. How reproducible: always Steps to Reproduce: 1.configure a system with pam_namespace.so configured as for an LSPP system. This means pam_namespace in the /etc/pam.d/login file and the lines in /etc/security/namespace.conf uncommented. 2.edit /etc/security/namespace.conf to add a login name for an account that doesn't exist. 3.Try to log in Actual results: pam_namespace.so crashes and no users can log in. If debug is enabled for pam_namespace.so the last line in /var/log/secure will be that its parsing the config file. Expected results: Users should be able to log in. Additional info: This is an untested patch. I don't know if there are other instances of the same problem. --- pam_namespace.c 2007-03-29 15:02:06.000000000 -0400 +++ pam_namespace.c.ljk 2007-03-29 15:08:59.000000000 -0400 @@ -302,6 +302,8 @@ static int process_line(char *line, cons *tptr = '\0'; pwd = getpwnam(ustr); + if (!pwd) + continue; *uidptr = pwd->pw_uid; if (i < count - 1) { ustr = tptr + 1;
The patch isn't right but the bug is real. It is fixed in pam-0.99.6.2-3.18.el5.
Well, I said untested. :-) I'll give the updated package a try. Thanks.
The new package solves the problem. Thanks!
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0555.html