Bug 246517 - pam_pkcs11's NSS causing login to exit early
pam_pkcs11's NSS causing login to exit early
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Kai Engert (:kaie) (on vacation)
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-02 15:37 EDT by Nalin Dahyabhai
Modified: 2007-11-30 17:12 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-13 07:06:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2007-07-02 15:37:25 EDT
Description of problem:
We're looking at Dan Walsh's laptop, and it looks like the copy of netstat which
NSS is forking (he's using pam_pkcs11) is the child whose exit status is getting
reaped by login (instead of the login shell).  The result is that he's getting
logged out immediately after typing in his password.

Version-Release number of selected component (if applicable):
nss-3.11.7-4.fc8
util-linux-2.13-0.51.fc7
pam_pkcs11-0.5.3-24

How reproducible:
Intermittent, but quite frequently on this one machine.

Steps to Reproduce:
1. Enable pam_pkcs11.
2. Turn off pcscd (if it matters, I'm not sure if it does).
3. Attempt to log in using a password (i.e., without using a smart card).
  
Actual results:
Correct password is typed, user is dumped back to the login prompt.  The system
log notes a successful login, PAM session open/close and all.

Expected results:
A shell prompt.

Additional info:
Daniel's also had a similar experience with pkinit-nss and NSS -- I'll CC him on
this report.  Per bug #238893, it sounds like we can just disable the whole
start-netstat code path at build time and call it solved.
Comment 1 Kai Engert (:kaie) (on vacation) 2007-07-11 21:47:59 EDT
This package version was supposed to include a fix that avoids netstat.
As you found out in that other bug, that fix wasn't working.

I'll build an updated nss package with the improved fix now...
Comment 2 Kai Engert (:kaie) (on vacation) 2007-07-11 23:08:16 EDT
Can you please test nss-3.11.7-5.fc8 ?
Comment 3 Daniel Walsh 2007-07-13 07:06:59 EDT
Confirmed.

Note You need to log in before you can comment on or make changes to this bug.