Re: PAM Pass through authentication only one threaded

[Rich Megginson <rmeggins@xxxxxxxxxx>]

On 11/04/2013 09:00 AM, Jan Tomasek wrote:
> On 11/04/2013 04:12 PM, Rich Megginson wrote:
> > Looks like you do not have the right debuginfo packages installed. But
> > there may be enough information in the stack trace anyway.
> >
> > Your pam script is waiting:
> > Thread 11 (Thread 0x7f60c97ea700 (LWP 10146)):
> > #0  0x00007f60f0b4209d in waitpid () from /lib64/libpthread.so.0
> > No symbol table info available.
> > #1  0x00007f60e033f2c1 in ?? () from /lib/security/pam_script.so
> > No symbol table info available.
> > #2  0x00007f60e033f68a in pam_sm_authenticate () from
> > /lib/security/pam_script.so
> > No symbol table info available.
> > #3  0x00007f60e8aa2cee in ?? () from /lib64/libpam.so.0
> > No symbol table info available.
> > #4  0x00007f60e8aa2600 in pam_authenticate () from /lib64/libpam.so.0
> > No symbol table info available.
> > #5  0x00007f60e8cb1e24 in ?? () from
> > /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
> > No symbol table info available.
> > #6  0x00007f60e8cb22ca in pam_passthru_do_pam_auth () from
> > /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
> > No symbol table info available.
> >
> > It holds the lock in pam_passthru_do_pam_auth which causes all of the
> > other threads to block.
> >
> > Why is the script not exiting?
>
> It hangs within my perl script (attached). Debug output from script:
>
> Nov  4 18:51:36 pdap pam_script_auth[12278]: PAM env: PAM_RUSER= 
> PAM_SERVICE=ldapserver PAM_TYPE=auth 
> PAM_USER=uid=semik2,ou=People,dc=perun-shadow,dc=cesnet,dc=cz 
> PAM_AUTHTOK=*hidden* PAM_TTY= PAM_OLDAUTHTOK= PAM_RHOST=
> Nov  4 18:51:36 pdap pam_script_auth[12278]: PAM new
> Nov  4 18:51:36 pdap pam_script_auth[12278]: PAM bind: start
>
> Script opens anonymous connection into LDAP server and tries to search 
> subentries of user which is trying to bind.

Does the script open a connection to the same server it is being called 
from?

> In access log I see:
>
> > ...
> > [04/Nov/2013:18:51:36 +0300] conn=146 op=0 BIND 
> > dn="uid=semik14,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=136 op=0 BIND 
> > dn="uid=semik26,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=124 op=0 BIND 
> > dn="uid=semik24,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=137 op=0 BIND 
> > dn="uid=semik23,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=144 op=0 BIND 
> > dn="uid=semik15,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=143 op=0 BIND 
> > dn="uid=semik30,ou=People,dc=perun-shadow,dc=cesnet,dc=cz" method=128 
> > version=3
> > [04/Nov/2013:18:51:36 +0300] conn=151 fd=95 slot=95 connection from 
> > 127.0.0.1 to 127.0.0.1
>
> There is 30 binds to semik<1-30> and it ends with connection from/to 
> localhost. Silence after that.
>
> Inside of script it succesfully create connection and hangs on 
> anonymous bind. This call never complete. Any idea? Is there some 
> limit max 30 binding connections at once? Or something like that?

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users