On Fri, Sep 29, 2006 at 05:12:53PM +0200, Steinar H. Gunderson wrote:
> Perhaps we should try a binary search across upstream versions?
OK, it seems to be related to changed behaviour in libldap -- not very
surprising, as libnss-ldap uses internal functions. Basically, ldap_ld_free()
changed behav
On Fri, Sep 29, 2006 at 08:51:18AM -0600, Berg, Michael wrote:
> I have also verified TLS operation with my currently installed (and
> working) libnss-ldap version 238 by capturing loopback traffic with
> wireshark/ethereal and performing multiple back-to-back "getent passwd"
> commands which (as d
> Steinar H. Gunderson wrote:
>>> With libnss-ldap 238-1.2 installed
>>>
>>> $ cat /proc/sys/kernel/random/entropy_avail; \
>>> getent passwd user_in_ldap; \
>>> cat /proc/sys/kernel/random/entropy_avail
>>> 3585
>>> passwd entry here
>>> 129
>> Are you sure it's not falling back to non-TLS her
Steinar H. Gunderson wrote:
>> With libnss-ldap 238-1.2 installed
>>
>> $ cat /proc/sys/kernel/random/entropy_avail; \
>> getent passwd user_in_ldap; \
>> cat /proc/sys/kernel/random/entropy_avail
>> 3585
>> passwd entry here
>> 129
>
> Are you sure it's not falling back to non-TLS here? Or lo
This one time, at band camp, Steinar H. Gunderson said:
> On Thu, Aug 31, 2006 at 07:42:03PM -0600, Berg, Michael wrote:
> > A low entropy pool may be a contributing factor, but something definitely
> > changed between libnss-ldap 238 and 251.
>
> I guess this is the new reconnection logic introdu
On Thu, Aug 31, 2006 at 07:42:03PM -0600, Berg, Michael wrote:
> A low entropy pool may be a contributing factor, but something definitely
> changed between libnss-ldap 238 and 251.
I guess this is the new reconnection logic introduced in 241.
> With libnss-ldap 238-1.2 installed
>
> $ cat /proc
Stephen Gran wrote:
Hello all,
We just got bitten by this bug yesterday, and found that disabling tls
(.e., changing ldaps:// to ldap:// in our uri's) made it work just fine
again. Turned out our machine was low on entropy. Can people see if it
is tls related for them as well? It seems to me
A low entropy pool may be a contributing factor, but something definitely
changed between libnss-ldap 238 and 251.
With libnss-ldap 238-1.2 installed
$ cat /proc/sys/kernel/random/entropy_avail; \
getent passwd user_in_ldap; \
cat /proc/sys/kernel/random/entropy_avail
3585
passwd entry here
1
This one time, at band camp, Alexander Vlasov said:
> Ok, +1.
>
> using ldap instead of ldaps solves the problem. With `ldaps', system
> quickly runs out of entropy (/proc/sys/kernel/random/entropy_avail
> falls down to ~200 and this number grows very slow). With `ldap',
> entropy level in ~15 s
Ok, +1.
using ldap instead of ldaps solves the problem.
With `ldaps', system quickly runs out of entropy
(/proc/sys/kernel/random/entropy_avail falls down to ~200 and this
number grows very slow).
With `ldap', entropy level in ~15 secs becomes ~3500
Well, disabling TLS is workaround, not solutio
On Mon, Aug 28, 2006 at 12:46:31AM +0100, Stephen Gran wrote:
> We just got bitten by this bug yesterday, and found that disabling tls
> (.e., changing ldaps:// to ldap:// in our uri's) made it work just fine
> again. Turned out our machine was low on entropy. Can people see if it
> is tls relate
Hi,
I can confirm Stephen Gran's findings: login works when tls is disabled
in /etc/libnss-ldap.conf.
--
Rik Theys
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hello all,
We just got bitten by this bug yesterday, and found that disabling tls
(.e., changing ldaps:// to ldap:// in our uri's) made it work just fine
again. Turned out our machine was low on entropy. Can people see if it
is tls related for them as well? It seems to me it's not properly
hand
Quoting =?UTF-8?B?VmVkcmFuIEZ1cmHEjQ==?= <[EMAIL PROTECTED]>:
> Same here, except I can't login[1] even using sash.
>
> If I start nscd, login, and then disable nscd, sash will work (unlike bash
> or zsh).
>
> [1] Authentication is, actually, successful, I see the MOTD, but shell
> isn't started a
Quoting Sjoerd Simons <[EMAIL PROTECTED]>:
> I've also tried sash and that seems to work fine..
If I understand you correctly, you've tried zsh and bash but then you can't
login, but if you try sash, then it works?!
Then maybe you have some faulty .bash{rc,_profile} as well?
> So it still seems
Sjoerd Simons wrote:
> On Tue, Jul 04, 2006 at 02:52:32PM +0200, Turbo Fredriksson wrote:
>> Quoting Sjoerd Simons <[EMAIL PROTECTED]>:
>>
>> For both of you (having problem)?
>
>> I've seen this before, when I've messed up my .bashrc and/or .bash_login
>> (the corresponding files for bash which
On Tue, Jul 04, 2006 at 02:52:32PM +0200, Turbo Fredriksson wrote:
> Quoting Sjoerd Simons <[EMAIL PROTECTED]>:
>
> > /home/sjoerd/.zshrc:65: parse error: condition expected: =
> > /home/sjoerd/.zlogin:8: parse error: condition expected: =
>
> These looks more like a problem with zsh. Did zsh get
Just wanted to put in some lines about this...
I've successfully installed 'this' package (actually a recompile for
my semi-woody) and it works 'just fine'.
I run only IPv4, my nsswitch.conf say 'files ldap', not 'compat ldap'.
Oh, and as said, it's on a semi-woody (all LDAPv3 stuff, Cyrus SASL,
Quoting Sjoerd Simons <[EMAIL PROTECTED]>:
> /home/sjoerd/.zshrc:65: parse error: condition expected: =
> /home/sjoerd/.zlogin:8: parse error: condition expected: =
These looks more like a problem with zsh. Did zsh get upgraded as well/with
libnss-ldap?
For both of you (having problem)?
I've s
On Mon, Jul 03, 2006 at 11:55:47AM -0400, Stephen Frost wrote:
> * Vedran Fura? ([EMAIL PROTECTED]) wrote:
> > Stephen Frost wrote:
> > > What do your configs look like,
>
> What are the permissions on your libnss-ldap.conf?
-rw-r--r-- 1 root root 1225 Jul 3 18:07 /etc/libnss-ldap.conf
As down
* Vedran Fura? ([EMAIL PROTECTED]) wrote:
> Stephen Frost wrote:
> > What do your configs look like,
What are the permissions on your libnss-ldap.conf?
> But the problem is not in login(1), if I log in with nscd and then disable
> it *every* started app will crash immediately with SIGPIPE, just
* Sjoerd Simons ([EMAIL PROTECTED]) wrote:
> I've rebooted one of the systems with the ipv6 module blacklisted. After that
> it still shows exactly the same behaviour (identicaly trace, just the ipv6
> addresses replaced by ipv4 addresses)...
Hmm, ok.
> > Can you check if there's a file in /var/l
Stephen Frost wrote:
> severity 376426 serious
> tags +moreinfo
> thanks
>
> * Vedran Fura?? ([EMAIL PROTECTED]) wrote:
>> After upgrade to version 251 I can't login as a user in ldap and even as
>> root which is a local user. Login process dies with SIGPIPE.
>> It only happens without nscd.
>
>
On Mon, Jul 03, 2006 at 08:43:45AM -0400, Stephen Frost wrote:
> * Sjoerd Simons ([EMAIL PROTECTED]) wrote:
> > On Sun, Jul 02, 2006 at 08:00:22PM -0400, Stephen Frost wrote:
> > > * Vedran Fura?? ([EMAIL PROTECTED]) wrote:
> > > > After upgrade to version 251 I can't login as a user in ldap and ev
* Sjoerd Simons ([EMAIL PROTECTED]) wrote:
> On Sun, Jul 02, 2006 at 08:00:22PM -0400, Stephen Frost wrote:
> > * Vedran Fura?? ([EMAIL PROTECTED]) wrote:
> > > After upgrade to version 251 I can't login as a user in ldap and even as
> > > root which is a local user. Login process dies with SIGPIPE
On Sun, Jul 02, 2006 at 08:00:22PM -0400, Stephen Frost wrote:
> severity 376426 serious
> tags +moreinfo
> thanks
>
> * Vedran Fura?? ([EMAIL PROTECTED]) wrote:
> > After upgrade to version 251 I can't login as a user in ldap and even as
> > root which is a local user. Login process dies with SIG
severity 376426 serious
tags +moreinfo
thanks
* Vedran Fura?? ([EMAIL PROTECTED]) wrote:
> After upgrade to version 251 I can't login as a user in ldap and even as
> root which is a local user. Login process dies with SIGPIPE.
> It only happens without nscd.
What do your configs look like, what v
Processing commands for [EMAIL PROTECTED]:
> severity 376426 serious
Bug#376426: libnss-ldap: Can't login even as local user
Severity set to `serious' from `grave'
> tags +moreinfo
Unknown command or malformed arguments to command.
> thanks
Stopping processing here.
Package: libnss-ldap
Version: 251-5
Severity: grave
Justification: renders package unusable
After upgrade to version 251 I can't login as a user in ldap and even as
root which is a local user. Login process dies with SIGPIPE.
It only happens without nscd.
-- System Information:
Debian Release: t
29 matches
Mail list logo
