I have a working centralized authentication configuration set up on Debian Wheezy based servers, utilizing OpenLDAP (2.4.31), pam_ldap (184-8), and libnss-ldap (264-2). I have successfully configured both SSL and TLS methods to encrypt the LDAP traffic on the wire, and it appears to work flawlessly except in one particular case.
When utilizing vlock (2.2.2), without TLS/SSL encrypting the LDAP traffic, vlock will lock the console and unlock correctly. If I turn TLS or SSL on, vlock will only unlock if the first user password entered is correct (correct passwords on retry or root password will not unlock and the user is trapped in vlock).
When TLS or SSL is turned on, any authentication attempt after the first results in some combination of the following messages:

    testuser's Password:
    WARNING: gnome-keyring:: C_Initialize called twice for same process
    Warning: using insecure memory!
    vlock: Authentication failure

I have a /etc/pam.d/vlock file, containing:

    # The standard Unix authentication modules
    @include common-auth
    @include common-account
    @include common-session

Any suggestions?