Bug#277767: [Pkg-shadow-devel] Bug#277767: Progress on this bug report?

Greg Matthews gmatt at nerc.ac.uk
Thu Mar 2 09:56:03 UTC 2006 

On Thu, 2006-03-02 at 00:52 +0200, Alexander Gattin wrote:
> Hi!
> 
> On Mon, Feb 27, 2006 at 07:20:45AM +0100, Christian Perrier wrote:
> > > > P.S. The requred infrastructure will be ready soon.
> > > And now, one month later?
> > And now, *two* months later? :-)
> 
> Oh, yeah, now it's 2 months closer to completion ;)
> 
> Actually, a lot of different and I'd say boring job
> found me meanwhile, but in rare free time I did some
> experiments.
> 
> WRT the bug, I'd like to know what schemes etc. did
> the bug submitter use. Greg?

Hi...

sorry for the long silence, change of job etc...

just trying to reproduce this bug and the symptoms seem to have changed,
I dont get a segfault but su is still failing:

with TLS_CACERTDIR:
$ su -
Sorry.
$

with TLS_CACERT:
$ su -
Password:
#

current pkg versions on debian sarge host:
libnss-ldap 238-1
libpam-ldap 178-1sarge1

wrt schemas, I assume you mean the relevant objectclasses for my user
object? In this case I am using the rather restrictive "account", with
"posixAccount" and "shadowAccount". The server is using the following
schema files:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/locking.schema
include /usr/local/etc/openldap/schema/solaris.schema
include /usr/local/etc/openldap/schema/DUAConfig.schema
include /usr/local/etc/openldap/schema/automount.schema
include /usr/local/etc/openldap/schema/eduperson.schema

but locking, solaris and eduperson are not being used.

Another datapoint:
if I strace the "su -" I do actually get prompted for a password
(without strace I get an instant "Sorry."), and the error "su:
Authentication failure"

G

> 
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford


-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

More information about the Pkg-shadow-devel mailing list