From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Aug 21 18:50:15 2006
Message-Id: <200608211846.k7LIkQa1094281@www.freebsd.org>
Date: Mon, 21 Aug 2006 18:46:26 GMT
From: Nathan Whitehorn
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/102356: net/openldap23-client update breaks pam_ldap + ssh
List-Id: Ports bug reports

>Number: 102356
>Category: ports
>Synopsis: net/openldap23-client update breaks pam_ldap + ssh
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 21 18:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Nathan Whitehorn
>Release: 6.1-STABLE
>Organization: University of Chicago
>Environment:
FreeBSD ginger.rh 6.1-STABLE FreeBSD 6.1-STABLE #0: Wed Aug 9 19:43:51 UTC 2006 root@puppetmaster.rh:/usr/obj/usr/src/sys/SMP amd64
>Description:
The update to OpenLDAP 2.3.26 breaks sshd when used with pam_ldap (anything else used with pam_ldap works -- might be a threading issue). This occurs only on RELENG_6 worlds built after the beginning of July or so. Reverting to the old OpenLDAP fixes the problem. The error causes sshd to segfault, unless it is in debugging mode. Output to the clients appears:

[nathanw@print /etc/pam.d]$ ssh 128.135.221.12 -p 23
Permission denied (publickey,keyboard-interactive).

In debugging mode, sshd gives me the following:

debug1: PAM: setting PAM_RHOST to "palevsky-221-013.rh.uchicago.edu"
debug2: monitor_read: 45 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 48
debug3: mm_answer_pam_init_ctx
debug3: PAM: sshpam_init_ctx entering
debug3: mm_request_send entering: type 49
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 50
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: mm_request_send entering: type 51
debug3: mm_request_receive entering
debug3: mm_sshpam_query: pam_query returned -1
debug3: mm_sshpam_free_ctx
debug3: mm_request_send entering: type 54
debug3: mm_sshpam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX
debug3: mm_request_receive_expect entering: type 55
debug3: monitor_read: checking request 54
debug3: mm_request_receive entering
debug3: mm_answer_pam_free_ctx
debug3: PAM: sshpam_free_ctx entering
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_send entering: type 55
debug2: monitor_read: 54 used once, disabling now
Failed unknown for nathanw from 128.135.221.13 port 54854 ssh2
Failed keyboard-interactive for nathanw from 128.135.221.13 port 54854 ssh2
debug3: mm_request_receive entering
Connection closed by 128.135.221.13
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering

>How-To-Repeat:
Enable ssh authentication with LDAP:

auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass

>Fix:
Downgrade to OpenLDAP 2.3.25.
>Release-Note:
>Audit-Trail:
>Unformatted:
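
Added example, not part of the original report and not FreeBSD or OpenSSH code: a small Python check that scans sshd debug output for the pattern visible in the log above, a negative `pam_query` return followed by a failed keyboard-interactive login. The function name and record layout are assumptions made for this example; the sample input is a trimmed, constructed copy of the lines quoted in the report.

```python
import re

# Constructed sample: a trimmed copy of the sshd debug output quoted in the report.
SAMPLE = """\
debug3: PAM: sshpam_init_ctx entering
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: mm_sshpam_query: pam_query returned -1
debug3: PAM: sshpam_free_ctx entering
Failed unknown for nathanw from 128.135.221.13 port 54854 ssh2
Failed keyboard-interactive for nathanw from 128.135.221.13 port 54854 ssh2
Connection closed by 128.135.221.13
"""

QUERY_RC = re.compile(r"mm_sshpam_query: pam_query returned (-?\d+)")
FAILED = re.compile(r"^Failed (\S+) for (?:invalid user )?(\S+) from (\S+) port (\d+)")

def pam_query_errors(log_text):
    """Return one record per failed keyboard-interactive login that was
    preceded by a negative pam_query return code in the same PAM context."""
    findings, rc = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if "PAM: sshpam_init_ctx entering" in line:
            rc = None                      # a new PAM conversation begins
            continue
        m = QUERY_RC.search(line)
        if m:
            if int(m.group(1)) < 0:
                rc = int(m.group(1))       # remember the error for this context
            continue
        m = FAILED.match(line)
        if m and rc is not None and m.group(1).startswith("keyboard-interactive"):
            findings.append({"user": m.group(2), "addr": m.group(3),
                             "port": int(m.group(4)), "rc": rc})
            rc = None                      # report each context once
    return findings

if __name__ == "__main__":
    for f in pam_query_errors(SAMPLE):
        print("PAM query error before failed login:", f)
```

The check assumes a single-connection debug log such as the one in the report; syslog output from concurrent sessions would first need to be grouped by sshd PID.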