Hi,

The close_fds_except() function in the auth-pam plugin contains a bug, but it 
seems to be by design. It doesn't close standard fds (stdin, stdout, stderr). 
This means that a program that starts openvpn and reads its stdout from a 
pipe will never receive EOF and will idle forever.

To reproduce: with a configuration using the auth-pam plugin, this command 
never returns:

/etc/init.d/openvpn start | cat

ps alx shows:

1     0  4764     1  16   0  5984 1564 -      S+   pts/19     0:00 /usr/sbin/openvpn
5    99  4770     1  15   0  5988 1964 -      Ss   ?          0:00 /usr/sbin/openvpn

The process with PID 4764 is the pam server because it has UID 0. Sending it a 
kill -9 makes the command return. Sending the real openvpn process (PID 4770) 
a kill -9 does not make the command return, as expected. This confirms that 
it's the pam server process that is at fault.

Solution: either
1) reopen stdin, stdout and stderr to /dev/null when the --daemon option is 
specified (needs a way to access the options structure in the plugin)
2) start plugins after becoming a daemon in init_instance()

What do you think?
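
The behaviour reported above can be reproduced without OpenVPN. The following is an added example, not code from the original post or from the OpenVPN source: a long-lived child stands in for the PAM helper, a pipe stands in for `| cat`, and the names reader_sees_eof and std_fds_to_devnull are hypothetical. It compares keeping fds 0-2 open with reopening them to /dev/null (option 1).

```c
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: point fds 0-2 at /dev/null (option 1 in the post). */
static void std_fds_to_devnull(void) {
    int nul = open("/dev/null", O_RDWR);
    if (nul < 0)
        _exit(1);
    for (int fd = 0; fd <= 2; fd++)
        dup2(nul, fd);
    if (nul > 2)
        close(nul);
}

/* 1 if the pipe reader sees EOF within 1 s, 0 if it would hang, -1 on error. */
int reader_sees_eof(int redirect_std) {
    int p[2];
    if (pipe(p) < 0)
        return -1;
    pid_t helper = fork();
    if (helper < 0)
        return -1;
    if (helper == 0) {              /* stands in for the root PAM helper */
        dup2(p[1], STDOUT_FILENO);  /* stdout is the pipe, as in "start | cat" */
        close(p[0]);
        close(p[1]);                /* fds above 2 are closed, 0-2 are kept */
        if (redirect_std)
            std_fds_to_devnull();
        pause();                    /* long-lived background process */
        _exit(0);
    }
    close(p[1]);                    /* the launcher's own copy is gone */
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    char c;
    int eof = poll(&pfd, 1, 1000) > 0 && read(p[0], &c, 1) == 0;
    kill(helper, SIGKILL);          /* clean up the stand-in helper */
    waitpid(helper, NULL, 0);
    close(p[0]);
    return eof;
}

int main(void) {
    printf("std fds kept:         EOF=%d\n", reader_sees_eof(0));
    printf("std fds -> /dev/null: EOF=%d\n", reader_sees_eof(1));
    return 0;
}
```

The reader only gets EOF once every copy of the pipe's write end is closed, so a background process that keeps its inherited stdout holds the reader open for as long as it lives.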
