Package: libnss-ldap
Version: 238-1
Severity: grave
After upgrading to 238-1 from 169-1 in sarge pam authentication no
longer works.
If I enter an invalid password I come back immediately:
| [EMAIL PROTECTED]:~$ su - weasel
| Password:
| su: Authentication failure
| Sorry.
|
However, when I enter a valid password su (and login and friends) just hangs:
| [EMAIL PROTECTED]:~$ su - weasel
| Password:
|
sometimes, instead of a hanging process I get:
| su: pthread_mutex_lock.c:78: __pthread_mutex_lock: Assertion
`mutex->__data.__owner == 0' failed.
| zsh: abort su - weasel
While su is hanging strace shows:
| futex(0x8060ae0, FUTEX_WAIT, 2, NULL) = -1 EAGAIN (Resource temporarily
unavailable)
| futex(0x8060ae0, FUTEX_WAIT, 2, NULL) = -1 EAGAIN (Resource temporarily
unavailable)
forever.
A bt shows:
(gdb) bt
| #0 0x4070f3e6 in __lll_mutex_lock_wait () from /lib/tls/libpthread.so.0
| #1 0x4070c893 in _L_mutex_lock_26 () from /lib/tls/libpthread.so.0
| #2 0x400d54c4 in mallopt () from /lib/tls/libc.so.6
| #3 0x40146c4f in pthread_mutex_lock () from /lib/tls/libc.so.6
| #4 0x40455ca1 in ldap_start_tls_s () from /usr/lib/libldap.so.2
| #5 0x40512d33 in gcry_sexp_canon_len () from /usr/lib/libgcrypt.so.11
| #6 0x40512e71 in gcry_sexp_canon_len () from /usr/lib/libgcrypt.so.11
| #7 0x4051fbaf in gcry_randomize () from /usr/lib/libgcrypt.so.11
| #8 0x4051b7b5 in gcry_md_algo_name () from /usr/lib/libgcrypt.so.11
| #9 0x4051b8b2 in gcry_md_open () from /usr/lib/libgcrypt.so.11
| #10 0x404b1fbc in _gnutls_hash_init () from /usr/lib/libgnutls.so.11
| #11 0x404ab7b1 in gnutls_handshake () from /usr/lib/libgnutls.so.11
| #12 0x406e8cb5 in gnutls_SSL_free () from /usr/lib/libldap_r.so.2
| #13 0x406e8dda in gnutls_SSL_connect () from /usr/lib/libldap_r.so.2
| #14 0x406e668e in ldap_pvt_tls_init_def_ctx () from /usr/lib/libldap_r.so.2
| #15 0x406e7696 in ldap_int_tls_start () from /usr/lib/libldap_r.so.2
| #16 0x406c74a7 in ldap_int_open_connection () from /usr/lib/libldap_r.so.2
| #17 0x406d9299 in ldap_new_connection () from /usr/lib/libldap_r.so.2
| #18 0x406c6f11 in ldap_open_defconn () from /usr/lib/libldap_r.so.2
| #19 0x406d8e0f in ldap_send_initial_request () from /usr/lib/libldap_r.so.2
| #20 0x406cf137 in ldap_sasl_bind () from /usr/lib/libldap_r.so.2
| #21 0x406cfb50 in ldap_simple_bind () from /usr/lib/libldap_r.so.2
| #22 0x406a3974 in ?? () from /lib/libnss_ldap.so.2
| #23 0x08060290 in ?? ()
| #24 0x00000000 in ?? ()
| #25 0x00000000 in ?? ()
| #26 0x406f0734 in ?? () from /usr/lib/libldap_r.so.2
| #27 0x00005005 in ?? ()
| #28 0x08060294 in ?? ()
| #29 0xbffff4b8 in ?? ()
| #30 0x406df2f8 in ldap_set_option () from /usr/lib/libldap_r.so.2
| #31 0x406a358d in ?? () from /lib/libnss_ldap.so.2
| #32 0x08060290 in ?? ()
| #33 0x0000001e in ?? ()
| #34 0x00000000 in ?? ()
| #35 0x00000000 in ?? ()
| #36 0x00000000 in ?? ()
| #37 0x00000000 in ?? ()
This just happens in connection with pam it seems. getent passwd and id
weasel all work fine.
Linking against libldap instead of libldap_r fixes the problem.
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
