[Pkg-shadow-devel] Bug#472986: Bug#472986: /bin/su: su segfaults with libpam-p11 activated in /etc/pam.d/common-auth
Nicolas François
nicolas.francois at centraliens.net
Thu Mar 27 16:11:58 UTC 2008
Hello,
On Thu, Mar 27, 2008 at 04:33:01PM +0100, jerome.alet at ac-nice.fr wrote:
> When trying to activate libpam-p11 (v0.1.3-1) for login, I've modified
> /etc/pam.d/common-auth to contain :
>
> --- CUT ---
> auth required pam_p11_opensc.so /usr/lib/opensc-pkcs11.so
> #auth required pam_unix.so nullok_secure
> --- CUT ---
It will be quite difficult for me to debug this, as I have no such
device/setup.
Would you be able to rebuild a shadow package with debug information to
check where su is really failing?
> Then when doing an su, there's a segfault :
>
> --- CUT ---
> jerome at houlala:~$ su
> su: Authentication service cannot retrieve authentication info
> Erreur de segmentation
> jerome at houlala:~$
> --- CUT ---
It seems it is really failing in su, not in PAM ("Authentication service
cannot retrieve authentication info" is a message from PAM, but
successfully received by su), but are you able to use the PAM module with
this setup on another service?
Assuming the issue is in su, there are different places where su could
issue such error message. su is usually doing a very few things after
showing the error message. Could you check the syslog messages at the
time of the failure (in /var/log/auth.log)? This will probably give me
some hints.
It could also be interesting to know if SYSLOG_SU_ENAB and SULOG_FILE are
set in your /etc/login.defs file (and to which value).
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list