Hide Forgot
This bug has been copied from bug #726475 and has been proposed to be backported to 6.1 z-stream (EUS).
Using the reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=725281 With sssd-1.5.1-34.el6_1.2: # ./check_user2 -s system-auth -n 2000 user8 Password: Error in "pam_authenticate": Module is unknown Authentication failure for user "user8" in loop 767 With sssd-1.5.1-34.el6_1.3: # ./check_user2 -s system-auth -n 2000 user8 Password: User "user8" authenticated successfully 2000 times Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 34.el6_1.3 Build Date: Fri 05 Aug 2011 01:39:11 AM IST Install Date: Fri 05 Aug 2011 02:22:03 PM IST Build Host: x86-006.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-34.el6_1.3.src.rpm Size : 3463891 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, SSSD did not properly close its PAM sockets after an authentication attempt, which eventually resulted in process resource exhaustion and a denial of service situation. The code has been modified to fix this issue, and file descriptors are now properly released when they are no longer in use.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1143.html