Bug 246517 - pam_pkcs11's NSS causing login to exit early
Summary: pam_pkcs11's NSS causing login to exit early
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: nss   
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
high
Target Milestone: ---
Assignee: Kai Engert (:kaie) (inactive account)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-02 19:37 UTC by Nalin Dahyabhai
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-13 11:06:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Nalin Dahyabhai 2007-07-02 19:37:25 UTC
Description of problem:
We're looking at Dan Walsh's laptop, and it looks like the copy of netstat which
NSS is forking (he's using pam_pkcs11) is the child whose exit status is getting
reaped by login (instead of the login shell).  The result is that he's getting
logged out immediately after typing in his password.

Version-Release number of selected component (if applicable):
nss-3.11.7-4.fc8
util-linux-2.13-0.51.fc7
pam_pkcs11-0.5.3-24

How reproducible:
Intermittent, but quite frequently on this one machine.

Steps to Reproduce:
1. Enable pam_pkcs11.
2. Turn off pcscd (if it matters, I'm not sure if it does).
3. Attempt to log in using a password (i.e., without using a smart card).
  
Actual results:
Correct password is typed, user is dumped back to the login prompt.  The system
log notes a successful login, PAM session open/close and all.

Expected results:
A shell prompt.

Additional info:
Daniel's also had a similar experience with pkinit-nss and NSS -- I'll CC him on
this report.  Per bug #238893, it sounds like we can just disable the whole
start-netstat code path at build time and call it solved.

Comment 1 Kai Engert (:kaie) (inactive account) 2007-07-12 01:47:59 UTC
This package version was supposed to include a fix that avoids netstat.
As you found out in that other bug, that fix wasn't working.

I'll build an updated nss package with the improved fix now...


Comment 2 Kai Engert (:kaie) (inactive account) 2007-07-12 03:08:16 UTC
Can you please test nss-3.11.7-5.fc8 ?


Comment 3 Daniel Walsh 2007-07-13 11:06:59 UTC
Confirmed.


Note You need to log in before you can comment on or make changes to this bug.