pkg/42380: nss_ldap + pam_ldap + sshd = hang, unless you type the wrong password first

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/42380: nss_ldap + pam_ldap + sshd = hang, *unless* you type the wrong password first
From: perseant%hhhh.org@localhost
Date: Thu, 26 Nov 2009 07:10:00 +0000 (UTC)

>Number:         42380
>Category:       pkg
>Synopsis:       nss_ldap + pam_ldap + sshd = hang, *unless* you type the wrong 
>password first
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 26 07:10:00 +0000 2009
>Originator:     Konrad Schroder
>Release:        5.0_STABLE
>Organization:
University of Washington
>Environment:
NetBSD gro.hhhh.org 5.0_STABLE NetBSD 5.0_STABLE (XEN3_DOMU) #1: Wed Nov 25 
12:51:22 PST 2009  
perseant%gro.hhhh.org@localhost:/usr/obj/sys/arch/amd64/compile.amd64/XEN3_DOMU 
amd64

>Description:
I've been debugging a curious problem with an LDAP-enabled system: LDAP users 
are correctly authenticated by PAM, but after they are authenticated the child 
process of sshd hangs forever.  This does *not* happen, however, if they first 
mistype their password.  After typing their password a second time they are 
logged in without difficulty.
>How-To-Repeat:
Follow the steps outlined on 
http://wiki.netbsd.se/OpenLDAP_Authentication_on_NetBSD.  Try to log in, as a 
user defined in LDAP, using ssh.
>Fix:
The only thing I've found that worked, curiously, was to disable 
pthread_at_fork in the nss_ldap package.  I can't tell you why that would 
possibly do anything (I ran across it on the web, and tried it only out of 
desperation) but I can provide a crude patch that fixes the problem neatly on 
my systems:

Index: patches/patch-ah
===================================================================
RCS file: patches/patch-ah
diff -N patches/patch-ah
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-ah    26 Nov 2009 06:53:26 -0000
@@ -0,0 +1,11 @@
+--- ldap-nss.c.old     2009-11-25 22:47:25.000000000 -0800
++++ ldap-nss.c 2009-11-25 22:48:35.000000000 -0800
+@@ -23,6 +23,8 @@
+ 
+ #include "config.h"
+ 
++#undef HAVE_PTHREAD_ATFORK
++
+ #ifdef HAVE_PORT_BEFORE_H
+ #include <port_before.h>
+ #endif

Prev by Date: Re: pkg/42379: libtool-base fails patching, SUA6.1 patch is incompatible
Next by Date: Re: pkg/42379 (libtool-base fails patching, SUA6.1 patch is incompatible)
Previous by Thread: Re: pkg/42379: libtool-base fails patching, SUA6.1 patch is incompatible
Next by Thread: Re: pkg/42379 (libtool-base fails patching, SUA6.1 patch is incompatible)
Indexes:

Home | Main Index | Thread Index | Old Index

pkg/42380: nss_ldap + pam_ldap + sshd = hang, *unless* you type the wrong password first

pkg/42380: nss_ldap + pam_ldap + sshd = hang, unless you type the wrong password first