[Pkg-shadow-devel] Bug#472986: /bin/su: su segfaults with libpam-p11 activated in /etc/pam.d/common-auth
Nicolas François
nicolas.francois at centraliens.net
Fri Apr 11 13:01:01 UTC 2008
Hello,
On Fri, Apr 11, 2008 at 09:57:40AM +0200, jerome.alet at ac-nice.fr wrote:
> Nicolas François wrote:
>>
>> Could you also test if the bug is fixed in the new version 1:4.1.1-1?
>
> No it's not fixed in 1:4.1.1-1.
Thanks for checking.
> With SYSLOG_SU_ENAB set to yes and the SULOG_FILE defined, nothing gets
> written to the file : the segfault occurs before. When deactivating the
> pkcs11 stuff, I've checked that this file gets correctly written to when
> using su.
Commenting the SULOG_FILE line might fix this bug.
Could you check this?
If it still fails, could you check disabling SYSLOG_SU_ENAB?
> /var/log/auth.log contains :
>
> --- CUT ---
> Apr 11 09:49:19 houlala pam_p11[17848]: fatal: pkcs11_sign failed
> Apr 11 09:49:19 houlala pam_p11[17848]: pam_authenticate: Authentication
> service cannot retrieve authentication info
> --- CUT ---
Are there also some lines related to su?
I'm looking for messages like:
su[...]: FAILED su for foo by bar
and
su[...]: pam_authenticate: Authentication service cannot retrieve authentication info
My idea is that su could not guess the tty name, and this fails in sulog.
I hope to be able to reproduce it with another module, and will try to
come with a solution next week.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list