[Bug 1189] Stacked PAM modules hang root logout
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat May 20 07:43:00 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1189
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Comment #8 from dtucker at zip.com.au 2006-05-20 07:42 -------
(In reply to comment #6)
> Additional testing reveals that
>
> 1) the hang is caused by having the PAM module in question alone
> performing authentication - it doesn't have to be stacked
> 2) non-root users will also hang using pubkey auth if sshd is
> configured without PrivSep
> 3) not all PAM modules exhibit this behavior
>
> I suppose this bug boils down to one of, if pubkey auth succeeded, why
> would the auth PAM modules be getting touched at all? Even if I have a
> clunky PAM module, I would have thought it wouldn't matter if it is not
> being called for auth.
pam_setcred() uses the auth stack too and that's called regardless of
the ssh authentication method.
> I am about to attach the output of truss -vpoll -f -d on the sshd
> command in question. The hang occurs between the timestamps 15.69 and
> 26.18 (which is where I hit Ctrl-C).
>
> Thanks in advance for any help or pointers to a clue, if I am
> overlooking something (aside from getting rid of the PAM module in
> question).
Try lsof'ing (or equivalent) the hanging sshd (and/or its shell
subprocess if it still has one). I suspect that your recalcitrant
module is leaking file descriptors and sshd is waiting for the leaked
desriptor to close.
Excellent bug report, btw :-)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list