Bug#355647: marked as done (sfs-server: "sfskey register" fails when using pam/ldap)

Debian Bug Tracking System Tue, 27 Jan 2009 12:10:13 -0800

Your message dated Tue, 27 Jan 2009 20:00:46 GMT
with message-id <[email protected]>
and subject line sfs has been removed from Debian, closing #355647
has caused the Debian Bug report #355647,
regarding sfs-server: "sfskey register" fails when using pam/ldap
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
355647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355647
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: sfs-server
Version: 1:0.8-0+pre20050819.1-2
Severity: important


Running sfssd on a system which gets user information from pam/ldap
fails to let "sfskey register" work.  I found bug 225662 so either
that wasn't a complete fix or there has been a regression (but, just
in case, I include /etc/pam.d/ contents).

Below are example sfssd outputs and (hopefully) all the relevant
config files.  Please let me know if I can provide anything else.

Broken:

gateway:~# sfssd -d
sfssd: version 0.8pre, pid 1069
sfssd: listening on TCP port 4
sfsauthd: version 0.8pre, pid 1070
sfsrwsd: version 0.8pre, pid 1071
sfsauthd: dbcache_refresh_delay = 0
sfsauthd: Disabling authentication server cache refresh...
sfsauthd: serving @gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsrwsd: serving /sfs/@gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix 
password (bad login)
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix 
password (bad login)
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix 
password (bad login)

After explicitly adding the user's info into the local /etc/passwd
file and restarting sfssd lets "sfskey register" work as expected:

gateway:~# sfssd -d
sfssd: version 0.8pre, pid 1134
sfssd: listening on TCP port 4
sfsauthd: version 0.8pre, pid 1135
sfsrwsd: version 0.8pre, pid 1136
sfsauthd: dbcache_refresh_delay = 0
sfsauthd: Disabling authentication server cache refresh...
sfsauthd: serving @gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsrwsd: serving /sfs/@gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsauthd: accepted user bviren from LOCAL(uid=22351)!sfsauthd using unix 
password
sfssd: accepted connection from 24.45.218.94 for /usr/lib/sfs-0.8pre/sfsauthd
sfsauthd: accepted user bviren from 24.45.218.94!sfsauthd using SRP password
sfssd: accepted connection from 24.45.218.94 for /usr/lib/sfs-0.8pre/sfsrwsd
sfsauthd: accepted user bviren from 24.45.218.94!sfsrwsd using public key

# /etc/nsswitch.conf
passwd:         files ldap
group:          files
shadow:         files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files


#/etc/ldap/ldap.conf
BASE dc=phy,dc=bnl,dc=gov
URI  ldaps://home.phy.bnl.gov
TLS_CACERT /etc/ssl/certs/ldap.cert
TLS_REQCERT allow


bvi...@gateway:bviren> egrep -v '^#|^$' /etc/libnss-ldap.conf
base dc=phy,dc=bnl,dc=gov
uri ldaps://home.phy.bnl.gov
ldap_version 3
pam_check_host_attr yes
pam_password exop

bvi...@gateway:bviren> egrep -v '^#|^$' /etc/pam_ldap.conf
base dc=phy,dc=bnl,dc=gov
uri ldaps://home.phy.bnl.gov
ldap_version 3
pam_check_host_attr yes
pam_password exop

/etc/pam.d/chfn:
@include common-auth
@include common-account
@include common-session

/etc/pam.d/chsh:
auth       required   pam_shells.so
@include common-auth
@include common-account
@include common-session

/etc/pam.d/common-account:
account [success=1 default=ignore] pam_unix.so
account [success=ok new_authtok_reqd=ok ignore=ignore default=bad 
perm_denied=bad] pam_ldap.so
account required pam_permit.so

/etc/pam.d/common-auth:
auth    [success=1 default=ignore]      pam_unix.so
auth    required                        pam_ldap.so use_first_pass
auth    required                        pam_permit.so 

/etc/pam.d/common-password:
password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session:
session required        pam_unix.so
session optional        pam_ldap.so

/etc/pam.d/cron:
@include common-auth
auth       required   pam_env.so
@include common-account
@include common-session

/etc/pam.d/cvs:
@include common-auth
@include common-account

/etc/pam.d/login:
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
@include common-auth
@include common-account
@include common-session
session    optional   pam_lastlog.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv

/etc/pam.d/other:
@include common-auth
@include common-account
@include common-password
@include common-session

/etc/pam.d/passwd:

/etc/pam.d/ppp:
auth    required        pam_nologin.so
@include common-auth
@include common-account
@include common-session

/etc/pam.d/ssh:
auth       required     pam_env.so # [1]
@include common-auth
@include common-account
@include common-session
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password

/etc/pam.d/su:
auth       sufficient pam_rootok.so
@include common-auth
@include common-account
@include common-session



-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux gateway 2.4.25-1-686 #1 Tue Feb 24 10:55:59 EST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages sfs-server depends on:
ii  libc6            2.3.5-8                 GNU C Library: Shared libraries an
ii  libdb4.2         4.2.52-18               Berkeley v4.2 Database Libraries [
ii  libgcc1          1:4.0.2-9               GCC support library
ii  libgmp3c2        4.1.4-10                Multiprecision arithmetic library
ii  libpam0g         0.76-14                 Pluggable Authentication Modules l
ii  libsfs0c2        1:0.8-0+pre20050819.1-2 Self-Certifying File System shared
ii  libstdc++6       4.0.2-9                 The GNU Standard C++ Library v3
ii  nfs-kernel-serve 1:1.0.7-3               Kernel NFS server support
ii  sfs-common       1:0.8-0+pre20050819.1-2 Self-Certifying File System common

-- no debconf information

--- End Message ---

--- Begin Message ---

Version: 1:0.8-0+pre20060720.1-1.1+rm

The sfs package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.

For more information about this package's removal, read
http://bugs.debian.org/507036 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

Kind regards,
--
Marco Rodrigues

--- End Message ---

Bug#355647: marked as done (sfs-server: "sfskey register" fails when using pam/ldap)

Reply via email to