Package: libauthen-pam-perl
Version: 0.16-1
Severity: normal
I have a custom service on my local machine that authenticates against an
institutional Kerberos server. I run unit tests on an application which
uses Authen::PAM and attempts to authenticate nonexistent users against
this service. This has worked in the past, and works on up-to-date sarge
machines, but has started segfaulting on my unstable machine.
I've attached a test script which demonstrates the problem. The
accompanying PAM file for sudo simply says:
#%PAM-1.0
authrequired pam_krb5.so use_first_pass no_user_check debug
bcs is a user which the Kerberos server knows about; kbtest is one which it
does not. The program will segfault when the pam_authenticate() method is
called to try to authenticate kbtest. I expect it to indicate that
authentication failed, as it currently does on sarge.
When I run the sudo command normally with a local user that's not on the
Kerberos server, an error says:
sudo: pam_authenticate: User not known to the underlying authentication module
The following debug messages appear in my syslog when I run my test script:
Dec 12 16:06:03 localhost perl: (pam_krb5): none: pam_sm_authenticate: entry
Dec 12 16:06:06 localhost perl: pam_krb5: verify_krb_v5_tgt():
krb5_kt_read_service_key(): No such file or directory
Dec 12 16:06:06 localhost perl: (pam_krb5): bcs: pam_sm_authenticate: exit
(success)
Dec 12 16:06:06 localhost perl: (pam_krb5): bcs: krb5_cc_destroy: ctx-cache:
/tmp/fileszyC8t
Dec 12 16:06:06 localhost perl: (pam_krb5): none: pam_sm_authenticate: entry
Note that it gets no farther than the pam_sm_authenticate: entry message,
so I guess things are segfaulting shortly thereafter.
And these appear when I run sudo by hand as the nonexistent user:
Dec 12 16:08:59 localhost sudo: (pam_krb5): none: pam_sm_authenticate: entry
Dec 12 16:09:00 localhost sudo: (pam_krb5): kbtest:
krb5_get_init_creds_password(): Client not found in Kerberos database
Dec 12 16:09:00 localhost sudo: (pam_krb5): kbtest: pam_sm_authenticate: exit
(failure)
If you need more information or tests, just let me know. I'm afraid I
don't have any details about the Kerberos server itself, and it might be
difficult to get them, although I'll certainly try.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.3-2
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages libauthen-pam-perl depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii perl 5.8.7-8Larry Wall's Practical Extraction
ii perl-base [perlapi-5.8.7] 5.8.7-8The Pathologically Eclectic Rubbis
libauthen-pam-perl recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]