Red Hat Bugzilla – Bug 246517
pam_pkcs11's NSS causing login to exit early
Last modified: 2007-11-30 17:12:09 EST
Description of problem:
We're looking at Dan Walsh's laptop, and it looks like the copy of netstat which
NSS is forking (he's using pam_pkcs11) is the child whose exit status is getting
reaped by login (instead of the login shell). The result is that he's getting
logged out immediately after typing in his password.
Version-Release number of selected component (if applicable):
Intermittent, but quite frequently on this one machine.
Steps to Reproduce:
1. Enable pam_pkcs11.
2. Turn off pcscd (if it matters, I'm not sure if it does).
3. Attempt to log in using a password (i.e., without using a smart card).
Correct password is typed, user is dumped back to the login prompt. The system
log notes a successful login, PAM session open/close and all.
A shell prompt.
Daniel's also had a similar experience with pkinit-nss and NSS -- I'll CC him on
this report. Per bug #238893, it sounds like we can just disable the whole
start-netstat code path at build time and call it solved.
This package version was supposed to include a fix that avoids netstat.
As you found out in that other bug, that fix wasn't working.
I'll build an updated nss package with the improved fix now...
Can you please test nss-3.11.7-5.fc8 ?