Package: bash-completion Version: 1:2.1-4.3 Severity: minor Bug #825153 (mysterious "*" passwd queries in LDAP) turned out to be the result of a minor thinko in bash-completion.
The _quote_readline_by_ref() shell function uses "~*" without the tilde being escaped (like all other instances of same), resulting in a getpwnam() lookup for a user named "*". If NSS lookups are going to files, then this is no big deal. But this is occurring in a setup where such queries go to LDAP, and as "*" is not valid syntax for a username, the query is rejected and logged. And there are a _lot_ of log entries coming from this bug. Note that the issue is not even in the upstream bash-completion source, but in a Debian patch: debian/patches/00-fix_quote_readline_by_ref.patch