pam application doesn't release sockets
Pavel Kankovsky
peak at argo.troja.mff.cuni.cz
Wed Jan 26 15:38:45 UTC 2011
On Mon, 24 Jan 2011, Evgeny Tarasov wrote:
> /etc/pam.d/check_user file:
> # check authorization
> auth required pam_unix.so
> account required pam_unix.so
What have you got in your /etc/pam.d/check_user?
Those two (significant) lines? Anything else?
> a.out 31532 root 3u unix 0xe19d8000 0t0 14146583 socket
> a.out 31532 root 4u FIFO 0,8 0t0 14146586 pipe
> a.out 31532 root 5r FIFO 0,8 0t0 14146586 pipe
> a.out 31532 root 6w unix 0xf657c000 0t0 14146592 socket
> a.out 31532 root 7r FIFO 0,8 0t0 14146589 pipe
> a.out 31532 root 8w FIFO 0,8 0t0 14146589 pipe
> a.out 31532 root 9r FIFO 0,8 0t0 14146594 pipe
> a.out 31532 root 10r FIFO 0,8 0t0 14146594 pipe
> a.out 31532 root 11w unix 0xd4c68600 0t0 14146600 socket
> a.out 31532 root 12u FIFO 0,8 0t0 14146597 pipe
> a.out 31532 root 13w FIFO 0,8 0t0 14146597 pipe
> a.out 31532 root 14r FIFO 0,8 0t0 14146602 pipe
> a.out 31532 root 15w FIFO 0,8 0t0 14146602 pipe
> a.out 31532 root 17r FIFO 0,8 0t0 14146605 pipe
> a.out 31532 root 18w FIFO 0,8 0t0 14146605 pipe
>
> There is always one open socket for each authentication attempt (100
> after 100 attempts) and this sockets will be never closed.
Sockets? Most of those open descriptors are *pipes*.
> Please help me to figure out the cause of the problem. It seems I forgot
> some finalising stuff, but `pam_end` in it's place. Maybe there is
> something else?
Find out what opens those descriptors. Run your progrem under strace.
Run it under gdb and set a breakpoint at pipe() (or socket()?).
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
More information about the Pam-list
mailing list