[Pkg-shadow-devel] Bug#472986: /bin/su: su segfaults with libpam-p11 activated in /etc/pam.d/common-auth

Nicolas François nicolas.francois at centraliens.net
Fri Apr 11 13:01:01 UTC 2008


Hello,

On Fri, Apr 11, 2008 at 09:57:40AM +0200, jerome.alet at ac-nice.fr wrote:
> Nicolas François wrote:
>>
>> Could you also test if the bug is fixed in the new version 1:4.1.1-1?
>
> No it's not fixed in 1:4.1.1-1.

Thanks for checking.


> With SYSLOG_SU_ENAB set to yes and the SULOG_FILE defined, nothing gets  
> written to the file : the segfault occurs before. When deactivating the  
> pkcs11 stuff, I've checked that this file gets correctly written to when  
> using su.

Commenting the SULOG_FILE line might fix this bug.

Could you check this?

If it still fails, could you check disabling SYSLOG_SU_ENAB?

> /var/log/auth.log contains :
>
> --- CUT ---
> Apr 11 09:49:19 houlala pam_p11[17848]: fatal: pkcs11_sign failed
> Apr 11 09:49:19 houlala pam_p11[17848]: pam_authenticate: Authentication  
> service cannot retrieve authentication info
> --- CUT ---

Are there also some lines related to su?
I'm looking for messages like:
  su[...]: FAILED su for foo by bar

and
  su[...]: pam_authenticate: Authentication service cannot retrieve authentication info


My idea is that su could not guess the tty name, and this fails in sulog.

I hope to be able to reproduce it with another module, and will try to
come with a solution next week.

Best Regards,
-- 
Nekral





More information about the Pkg-shadow-devel mailing list