Package: sfs-server
Version: 1:0.8-0+pre20050819.1-2
Severity: important

Running sfssd on a system which gets user information from pam/ldap
fails to let "sfskey register" work.  I found bug 225662 so either
that wasn't a complete fix or there has been a regression (but, just
in case, I include /etc/pam.d/ contents).

Below are example sfssd outputs and (hopefully) all the relevant
config files.  Please let me know if I can provide anything else.

Broken:

gateway:~# sfssd -d
sfssd: version 0.8pre, pid 1069
sfssd: listening on TCP port 4
sfsauthd: version 0.8pre, pid 1070
sfsrwsd: version 0.8pre, pid 1071
sfsauthd: dbcache_refresh_delay = 0
sfsauthd: Disabling authentication server cache refresh...
sfsauthd: serving @gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsrwsd: serving /sfs/@gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix password (bad login)
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix password (bad login)
sfsauthd: BAD login for bviren from LOCAL(uid=22351)!sfsauthd using unix password (bad login)

Explicitly adding the user's info into the local /etc/passwd
file and restarting sfssd lets "sfskey register" work as expected:

gateway:~# sfssd -d
sfssd: version 0.8pre, pid 1134
sfssd: listening on TCP port 4
sfsauthd: version 0.8pre, pid 1135
sfsrwsd: version 0.8pre, pid 1136
sfsauthd: dbcache_refresh_delay = 0
sfsauthd: Disabling authentication server cache refresh...
sfsauthd: serving @gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsrwsd: serving /sfs/@gateway.phy.bnl.gov,7dz7ir3mtr8naes45ddp5shahrem5v74
sfsauthd: accepted user bviren from LOCAL(uid=22351)!sfsauthd using unix password
sfssd: accepted connection from 24.45.218.94 for /usr/lib/sfs-0.8pre/sfsauthd
sfsauthd: accepted user bviren from 24.45.218.94!sfsauthd using SRP password
sfssd: accepted connection from 24.45.218.94 for /usr/lib/sfs-0.8pre/sfsrwsd
sfsauthd: accepted user bviren from 24.45.218.94!sfsrwsd using public key

# /etc/nsswitch.conf
passwd:         files ldap
group:          files
shadow:         files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files


#/etc/ldap/ldap.conf
BASE dc=phy,dc=bnl,dc=gov
URI  ldaps://home.phy.bnl.gov
TLS_CACERT /etc/ssl/certs/ldap.cert
TLS_REQCERT allow


[EMAIL PROTECTED]:bviren> egrep -v '^#|^$' /etc/libnss-ldap.conf
base dc=phy,dc=bnl,dc=gov
uri ldaps://home.phy.bnl.gov
ldap_version 3
pam_check_host_attr yes
pam_password exop

[EMAIL PROTECTED]:bviren> egrep -v '^#|^$' /etc/pam_ldap.conf
base dc=phy,dc=bnl,dc=gov
uri ldaps://home.phy.bnl.gov
ldap_version 3
pam_check_host_attr yes
pam_password exop

/etc/pam.d/chfn:
@include common-auth
@include common-account
@include common-session

/etc/pam.d/chsh:
auth       required   pam_shells.so
@include common-auth
@include common-account
@include common-session

/etc/pam.d/common-account:
account [success=1 default=ignore] pam_unix.so
account [success=ok new_authtok_reqd=ok ignore=ignore default=bad perm_denied=bad] pam_ldap.so
account required pam_permit.so

/etc/pam.d/common-auth:
auth    [success=1 default=ignore]      pam_unix.so
auth    required                        pam_ldap.so use_first_pass
auth    required                        pam_permit.so 

/etc/pam.d/common-password:
password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session:
session required        pam_unix.so
session optional        pam_ldap.so

/etc/pam.d/cron:
@include common-auth
auth       required   pam_env.so
@include common-account
@include common-session

/etc/pam.d/cvs:
@include common-auth
@include common-account

/etc/pam.d/login:
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
@include common-auth
@include common-account
@include common-session
session    optional   pam_lastlog.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv

/etc/pam.d/other:
@include common-auth
@include common-account
@include common-password
@include common-session

/etc/pam.d/passwd:

/etc/pam.d/ppp:
auth    required        pam_nologin.so
@include common-auth
@include common-account
@include common-session

/etc/pam.d/ssh:
auth       required     pam_env.so # [1]
@include common-auth
@include common-account
@include common-session
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password

/etc/pam.d/su:
auth       sufficient pam_rootok.so
@include common-auth
@include common-account
@include common-session



-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux gateway 2.4.25-1-686 #1 Tue Feb 24 10:55:59 EST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages sfs-server depends on:
ii  libc6            2.3.5-8                 GNU C Library: Shared libraries an
ii  libdb4.2         4.2.52-18               Berkeley v4.2 Database Libraries [
ii  libgcc1          1:4.0.2-9               GCC support library
ii  libgmp3c2        4.1.4-10                Multiprecision arithmetic library
ii  libpam0g         0.76-14                 Pluggable Authentication Modules l
ii  libsfs0c2        1:0.8-0+pre20050819.1-2 Self-Certifying File System shared
ii  libstdc++6       4.0.2-9                 The GNU Standard C++ Library v3
ii  nfs-kernel-serve 1:1.0.7-3               Kernel NFS server support
ii  sfs-common       1:0.8-0+pre20050819.1-2 Self-Certifying File System common

-- no debconf information
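
A triage check for the symptom in this report, added here as an example (not part of the original report and not SFS code): it lists accounts that NSS resolves but that have no entry in the local passwd file, which is the group the workaround above suggests is affected. The function names and the sample passwd lines are constructed; on a live host the second argument would be the saved output of `getent passwd`.

```shell
#!/bin/sh
# Added triage example; the sample data in demo() is constructed.

# Print the sources configured for the passwd database in an nsswitch.conf.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print account names present in an NSS dump (saved `getent passwd` output)
# but missing from the local passwd file. Comment and blank lines are skipped.
nss_only_users() {
    awk -F: '
        /^#/ || $1 == "" { next }
        FILENAME == ARGV[1] { seen[$1] = 1; next }
        !($1 in seen) { print $1 }
    ' "$1" "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    # Same passwd/shadow lines as the nsswitch.conf in the report.
    printf 'passwd:         files ldap\nshadow:         files\n' > "$d/nsswitch.conf"
    # Constructed local file: the LDAP user is absent, as in the broken case.
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd"
    # Constructed NSS view: the uid is from the log, other fields are made up.
    printf 'root:x:0:0:root:/root:/bin/bash\nbviren:x:22351:100::/home/bviren:/bin/sh\n' \
        > "$d/getent.out"
    echo "passwd sources:    $(passwd_sources "$d/nsswitch.conf")"
    echo "NSS-only accounts: $(nss_only_users "$d/passwd" "$d/getent.out")"
    rm -rf "$d"
}

demo
```

Any name it prints is an account that a daemon reading only the local passwd file would not see.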



