[389-users] 389 DS chrashes in case someone enters wrong password
Kurzmann Birgit
birgit.kurzmann at st.roteskreuz.at
Fri Feb 5 11:43:52 UTC 2010
Hi!
We are using 389 DS and PAM to pass authentication to active directory.
It works fine until someone tries to authenticate with a wrong password.
In that case 389 directory server crashes.
/log/secure looks like this:
Feb 5 12:31:42 st39ldap01 ns-slapd: pam_krb5[12937]: authentication
fails for 'k.thormann' (k.thormann at ST.REDCROSS.OR.AT): Authentication
failure (Cannot read password)
Feb 5 12:31:42 st39ldap01 ns-slapd: pam_unix(ldapserver:auth):
authentication failure; logname= uid=500 euid=500 tty= ruser= rhost=
user=k.thormann
Feb 5 12:31:43 st39ldap01 ns-slapd: pam_krb5[12937]: authentication
fails for 'k.thormann' (k.thormann at ST.REDCROSS.OR.AT): Authentication
failure (Looping detected inside krb5_get_in_tkt)
PAM File looks like this:
auth sufficient pam_krb5.so use_first_pass forwardable
auth include system-auth
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore authinfo_unavail=ignore]
pam_krb5.so
account include system-auth
password include system-auth
password sufficient pam_krb5.so use_authtok
session optional pam_krb5.so
Any idea how we can fix this problem?
Cheers,
Birgit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100205/9669679d/attachment.html>
More information about the 389-users
mailing list