Package: libpam-modules Version: 1.0.1-5+lenny1
The bug is in the function tally_check in pam_tally.c This function calls get_tally in order to open the faillog file but this file is never closed until the invoking process is killed. When pam_tally.so module is in the auth stack, every authentication that a process is performing adds an additional open descriptor to the process for the faillog file. When the maximum number of open descriptors is reached for the process the next authentication attempts for this process will fail with PAM_MODULE_UNKNOWN. I suggest that "fclose(TALLY)" will be called before tally_check returns (given that the fopen was successful). I am using Debian 5.0, kernel 2.6.32 and libc6 2.7-18
