On Tue, 13 Jul 1999, a sun wrote:
> Jul 12 17:04:30 gneiss afpd[29915]: cleartext login: myer
> Jul 12 17:04:41 gneiss afpd[29915]: atp_rresp: Connection timed out
> Jul 12 17:04:47 gneiss afpd[29917]: session from 17151.117:246 on
> 17175.187:130
>
> what happens if you just use the option key to select appletalk? both
> that way and the /etc/hosts.deny way work fine on my machine.
Using the option key to select Appletalk on my machine (G3 running 8.1, OT
1.3.1), I logged in two times succesfully. The third time, I can't. The
same basic thing happens on an older machine running OS 7.6.1 and OT
1.1.2. I can login once via Appletalk. However, any further attempts to
use Appletalk fail, regardless of the machine I attempt to login from. Any
additional attempts to login over Appletalk result in an immediate kill of
the afpd child process. ASIP continues to function as expected.
I put a little more effort into debugging this (should have before I
posted) and I found out where afpd is being killed - its immediately after
afpd opens /etc/passwd and reads in the root entry. I am also 95% sure it
has to do with using nsswitch.conf to control that stuff because if I
disable services, networks,protocols, and ethers and just let it pull that
stuff out of files, it works. The program bombs when it attempts to write
and that write causes a SIGPIPE. I'm at the limits of my UNIX programming
as to what exactly is going on but here's the end of a strace of a failed
connection attempt:
1452 15:29:08.101970 open("/etc/passwd", O_RDONLY) = 0
1452 15:29:08.102270 fcntl(0, F_GETFD) = 0
1452 15:29:08.102434 fcntl(0, F_SETFD, FD_CLOEXEC) = 0
1452 15:29:08.102621 fstat(0, {st_mode=0, st_size=0, ...}) = 0
1452 15:29:08.102864 mmap(0, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000d000
1452 15:29:08.103074 read(0,"root:XXXXXXXXXXXXX:0:0:root:/roo"..., 4096) = 522
1452 15:29:08.103451 read(0, "", 4096) = 0
1452 15:29:08.103708 close(0) = 0
1452 15:29:08.103898 munmap(0x4000d000, 4096) = 0
1452 15:29:08.104149 getpid() = 1452
1452 15:29:08.104672 write(2, "0\5\2\1\4B\0", 7) = -1 EPIPE (Broken pipe)
1452 15:29:08.104891 --- SIGPIPE (Broken pipe) ---
I've got straces on several good logins if they would help. As a quick
and dirty work around, I'll just disable the nsswitch stuff that breaks
it. If its a nss_ldap bug, I'll take it up with the folks at PADL
software.
Thanks,
Kevin (who has almost tamed the LDAP beast ;)
--
~ Kevin M. Myer
. . Network/System Administrator
/V\ ELANCO School District
// \
/( )\
^`~'^
