Bug 480588 - Enabling PAM for a user crashes Satellite and prevents further logins
Summary: Enabling PAM for a user crashes Satellite and prevents further logins
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server
Version: 510
Hardware: i686
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jesus M. Rodriguez
QA Contact: Brandon Perkins
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-01-19 10:50 UTC by Frank Ederveen
Modified: 2009-01-29 17:18 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-29 17:18:57 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Frank Ederveen 2009-01-19 10:50:26 UTC
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)

I'm running 5.1.0 on RHAS4.7. When I enable PAM for a user in satellite, the satellite server stops responging and I get a console message:
*** glibc detected *** free(): invalid pointer: 0x97300050 ***

After that, no users can log in anymore, also ones without PAM.

/etc/rhn/rhn.conf:
pam_auth_service = rhn-satellite
encrypted_passwords = 1

I tried with and without encrypted_passwords = 0, no change.

/etc/pam.d/rhn-satellite:
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

I removed the test user and created a new one, without ever specifying a password, still the same result:
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

There are no messages in catalina.out.

mod_jk.log:

[Mon Jan 19 10:29:02.897 2009] [6456:3086476992] [info] init_jk::mod_jk.c (2775): mod_jk/1.2.25 initialized
[Mon Jan 19 10:37:10.524 2009] [6482:3086476992] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (960): (ajp13) Tomcat has forced a connectio
n close for socket 20
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [error] ajp_get_reply::jk_ajp_common.c (1658): (ajp13) Tomcat is down or refused connection. No res
ponse has been sent to the client (yet)
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [info] ajp_service::jk_ajp_common.c (2046): (ajp13) receiving from tomcat failed, recoverable opera
tion attempt=0
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [info] ajp_service::jk_ajp_common.c (2085): (ajp13) sending request to tomcat failed,  recoverable
operation attempt=1
[Mon Jan 19 10:37:10.530 2009] [6482:3086476992] [info] jk_open_socket::jk_connect.c (473): connect to 127.0.0.1:8009 failed (errno=111)
[Mon Jan 19 10:37:10.530 2009] [6482:3086476992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (891): Failed opening socket



Reproducible: Always

Steps to Reproduce:
1. Enable PAM authentication for a user
2. log in with that user
3.


Expected Results:  
Being able to log in using PAM

As long as I don't try to log in with that PAM enabled user, everything is fine.

Comment 1 Clifford Perry 2009-01-29 17:18:57 UTC
Hi there, please open a support ticket for further investigation on this. Internally we run a Satellite with PAM enabled users for devel, QA and stage cycles. 

I feel very confident that the PAM authentication mechanisms do work. The Red Hat Support team can work with you in investigating why this is occurring for yourself. 

They will open a bugzilla if needed. 

Regards,
Clifford.


Note You need to log in before you can comment on or make changes to this bug.