On Mon, Jul 23, 2007 at 01:53:55PM +0200, Zdenek Kabelac wrote: > Package: libpam-smbpass > Version: 3.0.25b-1+b1 > Severity: normal
> On my system I'm using this line in my common-auth pam module: > auth optional pam_smbpass.so migrate > and when I try tu use 'su' command to become root and I do > not insert correct root password - then su cause segfaul > (with correct password - there are no problems) Ok, the first problem seems to be this -- in order to get the error in question, your PAM config must be as follows: auth require pam_unix.so nullok_secure auth optional pam_smbpass.so migrate This is wrong, you *must not* use 'require' for the first module in the stack, it must be 'requisite' instead. If you use 'require', the following module will still be called even if the first module fails, and you don't want that; you only want the following module to be called if the first module *succeeds*, to avoid populating the smbpasswd database with passwords from failed authentication attempts. And that fix happens to be sufficient to eliminate the symptoms of your problem, so I would recommend doing that. :) The bug itself is a bit more subtle. The problem is that both pam_smbpass and su try to use syslog, and if pam_smbpass gets called, it messes up the syslogging for the application, leading to the segfault. This looks like a rehash of a discussion I had with the PAM upstream years and years ago, that pam_smbpass was simply never fixed to deal with. I should be able to put a fix together fairly quickly now that I'm aware of the problem. > I'm adding gdb output - though I'm not sure how usable > this could be. Not on its own, but thanks for the effort -- to get a good backtrace you really need to rebuild su with debugging symbols enabled. :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
