Bug 480588 - Enabling PAM for a user crashes Satellite and prevents further logins
Enabling PAM for a user crashes Satellite and prevents further logins
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Jesus M. Rodriguez
Brandon Perkins
Depends On:
  Show dependency treegraph
Reported: 2009-01-19 05:50 EST by Frank Ederveen
Modified: 2009-01-29 12:18 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-29 12:18:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frank Ederveen 2009-01-19 05:50:26 EST
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)

I'm running 5.1.0 on RHAS4.7. When I enable PAM for a user in satellite, the satellite server stops responging and I get a console message:
*** glibc detected *** free(): invalid pointer: 0x97300050 ***

After that, no users can log in anymore, also ones without PAM.

pam_auth_service = rhn-satellite
encrypted_passwords = 1

I tried with and without encrypted_passwords = 0, no change.

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

I removed the test user and created a new one, without ever specifying a password, still the same result:
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

There are no messages in catalina.out.


[Mon Jan 19 10:29:02.897 2009] [6456:3086476992] [info] init_jk::mod_jk.c (2775): mod_jk/1.2.25 initialized
[Mon Jan 19 10:37:10.524 2009] [6482:3086476992] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (960): (ajp13) Tomcat has forced a connectio
n close for socket 20
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [error] ajp_get_reply::jk_ajp_common.c (1658): (ajp13) Tomcat is down or refused connection. No res
ponse has been sent to the client (yet)
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [info] ajp_service::jk_ajp_common.c (2046): (ajp13) receiving from tomcat failed, recoverable opera
tion attempt=0
[Mon Jan 19 10:37:10.529 2009] [6482:3086476992] [info] ajp_service::jk_ajp_common.c (2085): (ajp13) sending request to tomcat failed,  recoverable
operation attempt=1
[Mon Jan 19 10:37:10.530 2009] [6482:3086476992] [info] jk_open_socket::jk_connect.c (473): connect to failed (errno=111)
[Mon Jan 19 10:37:10.530 2009] [6482:3086476992] [info] ajp_connect_to_endpoint::jk_ajp_common.c (891): Failed opening socket

Reproducible: Always

Steps to Reproduce:
1. Enable PAM authentication for a user
2. log in with that user

Expected Results:  
Being able to log in using PAM

As long as I don't try to log in with that PAM enabled user, everything is fine.
Comment 1 Clifford Perry 2009-01-29 12:18:57 EST
Hi there, please open a support ticket for further investigation on this. Internally we run a Satellite with PAM enabled users for devel, QA and stage cycles. 

I feel very confident that the PAM authentication mechanisms do work. The Red Hat Support team can work with you in investigating why this is occurring for yourself. 

They will open a bugzilla if needed. 


Note You need to log in before you can comment on or make changes to this bug.