Package: libauthen-pam-perl Version: 0.16-1 Severity: normal I have a custom service on my local machine that authenticates against an institutional Kerberos server. I run unit tests on an application which uses Authen::PAM and attempts to authenticate nonexistent users against this service. This has worked in the past, and works on up-to-date sarge machines, but has started segfaulting on my unstable machine.
I've attached a test script which demonstrates the problem. The accompanying PAM file for sudo simply says: #%PAM-1.0 auth required pam_krb5.so use_first_pass no_user_check debug bcs is a user which the Kerberos server knows about; kbtest is one which it does not. The program will segfault when the pam_authenticate() method is called to try to authenticate kbtest. I expect it to indicate that authentication failed, as it currently does on sarge. When I run the sudo command normally with a local user that's not on the Kerberos server, an error says: sudo: pam_authenticate: User not known to the underlying authentication module The following debug messages appear in my syslog when I run my test script: Dec 12 16:06:03 localhost perl: (pam_krb5): none: pam_sm_authenticate: entry Dec 12 16:06:06 localhost perl: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): No such file or directory Dec 12 16:06:06 localhost perl: (pam_krb5): bcs: pam_sm_authenticate: exit (success) Dec 12 16:06:06 localhost perl: (pam_krb5): bcs: krb5_cc_destroy: ctx->cache: /tmp/fileszyC8t Dec 12 16:06:06 localhost perl: (pam_krb5): none: pam_sm_authenticate: entry Note that it gets no farther than the "pam_sm_authenticate: entry" message, so I guess things are segfaulting shortly thereafter. And these appear when I run sudo by hand as the nonexistent user: Dec 12 16:08:59 localhost sudo: (pam_krb5): none: pam_sm_authenticate: entry Dec 12 16:09:00 localhost sudo: (pam_krb5): kbtest: krb5_get_init_creds_password(): Client not found in Kerberos database Dec 12 16:09:00 localhost sudo: (pam_krb5): kbtest: pam_sm_authenticate: exit (failure) If you need more information or tests, just let me know. I'm afraid I don't have any details about the Kerberos server itself, and it might be difficult to get them, although I'll certainly try. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12.3-2 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages libauthen-pam-perl depends on: ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an ii libpam0g 0.79-3 Pluggable Authentication Modules l ii perl 5.8.7-8 Larry Wall's Practical Extraction ii perl-base [perlapi-5.8.7] 5.8.7-8 The Pathologically Eclectic Rubbis libauthen-pam-perl recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
