Control: tags -1 + wontfix help

On Sat, 2012-10-27 at 19:35 +0200, Ferenc Wagner wrote:
> During shutdown, I got a good bunch of log lines like:
> 
> sshd[21799]: pam_env(sshd:setcred): No such user!?
> sshd[21799]: fatal: login_init_entry: Cannot find user "dummy"
> 
> I suspect it's because nslcd was stopped before these ssh sessions
> were terminated (by sendsigs, presumably).  I'm not quite sure how
> serious this problem is, but it would be nice to see it fixed.

I assume this is during shutdown with logged-in LDAP users.

The problem seems to be that if an SSH session is terminated when nslcd
is already down, the PAM session close operation may give an error
because the user no longer exists. This should only be a real problem if
you have some PAM module that does something interesting at session
close.

This is not something that is easily fixable because the alternative,
keeping nslcd running longer, is not much better. If nslcd is still
running and the network is brought down, nslcd will do retries until it
is convinced the LDAP server is really unreachable. This would cause a
significant delay in the shutdown time.

Something that could help here (I haven't tried this though) is to use
(u)nscd, but I'm not sure if nscd will keep running longer than nslcd.

So unless someone can come up with a reasonable approach for this, the
problem isn't going to be fixed.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
