Package: libgnutls13 Version: 1.4.4-3 Severity: normal #470509 turns out to be caused by the version of libgnutls13 - if the version from stable (1.4.4-3) is in use pam_ldap will return an incorrect authentication error because the ldap_search_s() call will fail when gnutls_read() returns an internal error while reading a large record (e.g. an LDAP record which contains a jpegPhoto attribute):
Mar 14 09:30:47 etch-dev su[17362]: SSL_read() failed: gnutls_read() returned -59: GnuTLS internal error. I have submitted a pam_ldap patch which does not retrieve the entire record since it's unnecessary to transfer that much data but I suspect that the same internal error could affect other programs. Upgrading to the version in testing solves the problem. Chris -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libgnutls13 depends on: ii libc6 2.7-6 GNU C Library: Shared libraries ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime libr ii libgpg-error0 1.4-2 library for common error values an ii liblzo1 1.08-3 data compression library (old vers ii libopencdk8 0.5.9-2 Open Crypto Development Kit (OpenC ii libtasn1-3 0.3.6-2 Manage ASN.1 structures (runtime) ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime libgnutls13 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
