Bug#453241: libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)

[Richard A Nelson]

Package: libpam-heimdal
Version: 2.6-1+b1
Severity: critical
Justification: breaks unrelated software

The amd64 box is also the KDC, i386 box running as slave KDC, and i386
client boxen all are working fine with the same pam configuration.

removing pam_krb5 from both the account and session stacks allows
further ssh/etc access (auth works, and I've not yet tried password).

The lines were:
...
account [success=done default=ignore] pam_krb5.so minimum_uid=999 debug
...
session optional    pam_krb5.so minimum_uid=999 debug
...

I note that ssh always fails, telnet succeeds (but is only on a few
of the boxes), I'm not sure about other remote access methods.

Dropping back to 2.6-1 makes things work...  Interestingly, there is an
unexplained difference in ldd output:

2.6-1:
        linux-vdso.so.1 =>  (0x00007fffc35fd000)
        libpam.so.0 => /lib/libpam.so.0 (0x00002b60e75f0000)
        libkrb5.so.17 => /usr/lib/libkrb5.so.17 (0x00002b60e77fa000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00002b60e7952000)
        libc.so.6 => /lib/libc.so.6 (0x00002b60e7b54000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002b60e7eb2000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002b60e80b7000)
        libasn1.so.6 => /usr/lib/libasn1.so.6 (0x00002b60e8444000)
        libroken.so.16 => /usr/lib/libroken.so.16 (0x00002b60e8578000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00002b60e868c000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00002b60e88c4000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00002b60e8ad9000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00002b60e8cf5000)
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00002b60e8f0c000)

2.6-1+b1:
        linux-vdso.so.1 =>  (0x00007fff26ffd000)
        libpam.so.0 => /lib/libpam.so.0 (0x00002baa83d87000)
        libkrb5.so.22 => /usr/lib/libkrb5.so.22 (0x00002baa83f91000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00002baa84200000)
        libc.so.6 => /lib/libc.so.6 (0x00002baa84402000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002baa84760000)
        libhx509.so.1 => /usr/lib/libhx509.so.1 (0x00002baa84965000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002baa84ba4000)
        libasn1.so.8 => /usr/lib/libasn1.so.8 (0x00002baa84f31000)
        libroken.so.18 => /usr/lib/libroken.so.18 (0x00002baa851b4000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00002baa853c8000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00002baa85600000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00002baa85816000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00002baa85a31000)

Th differences in libkrb5, libasn1, libroken are explainable by building
against the newer heimdal-dev packages

The missing libdb-4.2, however seems odd.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), 
(500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-heimdal depends on:
ii  libc6                         2.7-2      GNU C Library: Shared libraries
ii  libcomerr2                    1.40.2-1   common error description library
ii  libkrb5-22-heimdal            1.0.1-4    Heimdal Kerberos - libraries
ii  libpam0g                      0.99.7.1-5 Pluggable Authentication Modules l

libpam-heimdal recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]