Today, for the first time I ran into this problem on my own system. From the logs:

May 23 19:26:06 sorbet nslcd[2916]: accepting connections
May 23 19:26:06 sorbet nslcd[2916]: Libgcrypt notice: state transition Power-On => Fatal-Error
May 23 19:26:06 sorbet nslcd[2916]: Libgcrypt error: fatal error in file visibility.c, line 1283, function gcry_create_nonce: called in non-operational state
May 23 19:26:06 sorbet nslcd[2916]: Libgcrypt terminated the application

This is before handling any connections which would involve crypto. The only thing that is done after logging the "accepting connections" message is start some threads and install signal handlers and change the signal mask. The threads at this point probably did a few calls to malloc() and one call to select().

The code can be found here (line 807 logs the first message):
http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.8/nslcd/nslcd.c?revision=1950

Before the first log line the following calls are done which could be relevant (in this order):

  ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, 0)
  umask(022)
  daemon(0, 0)
  pthread_sigmask()
  initgroups()
  setgid()
  setuid()

Is there something that nslcd should be doing differently?

On Tue, 2011-10-04 at 15:11 +0200, Werner Koch wrote:
> On Sun, 2 Oct 2011 17:24, adej...@debian.org said:
> > Btw, it seems to be pretty bad for a library to abort the whole
> > application when its state is inconsistent.
>
> This is a FIPS requirement. You are running your system in FIPS mode -
> see the manual.

How can I put my system in sane mode ;) (which manual)?

Thanks,

--
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --