Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 389391 - www-apache/mod_authnz_external-3.2.6 fails with method checkpassword
Summary: www-apache/mod_authnz_external-3.2.6 fails with method checkpassword
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Deadline: 2019-04-30
Assignee: No maintainer - Look at if you want to take care of it
Keywords: NeedPatch, PMASKED
Depends on:
Reported: 2011-11-03 07:36 UTC by Tres 'RiverRat' Melton
Modified: 2019-04-02 17:44 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

emerge --info apache (emerge--info--apache.txt,4.61 KB, text/plain)
2011-11-04 16:44 UTC, Tres 'RiverRat' Melton
emerge --info mod_authnz_external (emerge--info--mod_authnz_external.txt,3.84 KB, text/plain)
2011-11-04 16:45 UTC, Tres 'RiverRat' Melton
emerge -pvq apache (emerge-vpq--apache.txt,1017 bytes, text/plain)
2011-11-04 16:47 UTC, Tres 'RiverRat' Melton

Note You need to log in before you can comment on or make changes to this bug.
Description Tres 'RiverRat' Melton 2011-11-03 07:36:26 UTC
While doing a system upgrade to the new gcc (4.5.3) I also upgraded mod_authnz_external to 3.2.6 and then did an emerge -ave world which completed successfully.  After that I couldn't access the secured sections of my website.  After some research I downgraded mod_authnz_external (3.1.0) and everything was fine again.  During the failures I noticed the system log contained:

system-auth[25420]: Error opening fd 3: Bad file descriptor
system-auth[25420]: Exiting with status 2

Apache calls the program the same way qmail-smtp and courier-imapd-ssl do and that program was never changed so it can't be it.  

/usr/bin/checkpassword-pam -s system-auth /bin/true

It has to be the Apache module and the way it calls checkpassword-pam which seems to hold true in the log files as it expects the $USER and $PASS to be sent to it in file descriptor 3 which doesn't appear to be opened by the module for the checkpassword-pam program to read from.

More information available upon request here, email, or on IRC as RiverRat
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-03 15:28:27 UTC
1) Don't CC maintainers when you cannot assign bugs.
2) Please post your `emerge --info www-apache/mod_authnz_external' output too.
2) Please post your `emerge --info www-servers/apache' output too.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-03 15:29:31 UTC
(In reply to comment #1)
> 2) Please post your `emerge --info www-servers/apache' output too.

That should read:

3) Please post your `emerge -vpq www-servers/apache' output too.

Sorry for the trouble.
Comment 3 Tres 'RiverRat' Melton 2011-11-03 18:58:50 UTC
Thanks Rej.  I thought since being a former Arch tester and knowing what herd is responsible for the package it would save time and effort to CC the Apache herd.  Anyway, here is the info you requested:

2) Please post your `emerge --info www-apache/mod_authnz_external' output too.

2) Please post your `emerge --info www-servers/apache' output too.

3) Please post your `emerge -vpq www-servers/apache' output too.

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-04 16:20:56 UTC
Er, this isn't about Keywording and stabilisation. 3.2.6 is stable already. Please attach the requested information so this bug report will remain self-consistent in the future.
Comment 5 Tres 'RiverRat' Melton 2011-11-04 16:44:35 UTC
Created attachment 291675 [details]
emerge --info apache
Comment 6 Tres 'RiverRat' Melton 2011-11-04 16:45:40 UTC
Created attachment 291677 [details]
emerge --info mod_authnz_external
Comment 7 Tres 'RiverRat' Melton 2011-11-04 16:47:24 UTC
Created attachment 291679 [details]
emerge -pvq apache

The 'q' might not have been a wise suggestion but here it is.
Comment 8 Pacho Ramos gentoo-dev 2013-01-01 19:43:11 UTC
Looks like an upstream bug:
Comment 9 Tres 'RiverRat' Melton 2014-01-27 21:22:30 UTC
This is an upstream bug.  Until they resolve it would it be possible to add 3.1.0 back into the tree?  It is the last known good version.
Comment 10 Larry the Git Cow gentoo-dev 2019-03-31 08:16:27 UTC
The bug has been referenced in the following commit(s):

commit 6574d28a51b357fdcb79a8578e41e20a2247933f
Author:     Michał Górny <>
AuthorDate: 2019-03-31 08:15:27 +0000
Commit:     Michał Górny <>
CommitDate: 2019-03-31 08:16:22 +0000

    package.mask: Last rite www-apache/mod_authnz_external
    Signed-off-by: Michał Górny <>

 profiles/package.mask | 7 +++++++
 1 file changed, 7 insertions(+)
Comment 11 Thomas Arnett 2019-04-01 04:51:06 UTC
The "pipe" authentication method is unaffected by this bug.

It looks like this bug still exists upstream; the developer accidentally changed the target file descriptor to stdin in 3.2.0 and tried to fix it in 3.2.5 by changing it to stderr. I don't know how to fix it portably.

The current maintainer is probably unaware of this bug. The comments about it not being fixed were added months after the issue was closed. The maintainer at the time, Jan Wolter, died in 2015.
Comment 12 Craig Andrews gentoo-dev 2019-04-02 17:44:19 UTC
This issue was fixed years ago. :)