On 02/11/2009 04:20 PM, Benjamin Lee wrote:
> On 02/10/2009 10:08 PM, Arjun Singh wrote:
>> Thanks for the advice. I tried to see if I could get nscd to solve anything,
>> but it seems to just hide the problem, and not completely. With nscd
>> enabled, the first login fails. After that, it's fine..
>> I get the following in auth.log corresponding with the failed first login
>> (with the correct pw):
>> Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server
>> - Server is unavailable
>> Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find
>> account for uid 10000
>> Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout()
>> returned an error
> [...]
> It appears to be a bug when using nss_ldap with RELENG_7, as I have been
> unable to reproduce the issue on machines running 6.2-RELEASE and
> 6.3-RELEASE, regardless of the version of OpenLDAP.  In my environment,
> the machines use pam_krb5 for authentication, so the problem is
> definitely not related to pam_ldap.  Have you filed a problem report?

[changing the subject to be more descriptive]

I was able to work around the issue by removing pthread_atfork detection
from the configure script.  Specifically:

b...@dot /usr/ports/net/nss_ldap/work/nss_ldap-264 $ diff -u
--- configure.in.orig   2009-02-13 01:56:31.000000000 -0800
+++ configure.in        2009-02-13 01:56:58.000000000 -0800
@@ -230,7 +230,6 @@
 AC_CHECK_LIB(pthread_nonshared, main)

I assume, then, that the defect is related to the change from libkse to
libthr in RELENG_7.  Does anybody have any further insight into this issue?

Benjamin Lee

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to