From: Arthur de Jong <adejong@debian.org>
Date: Sat, 1 Mar 2025 11:59:24 +0000
Subject: not request the whole passwd DB at each login.

Last-Update: 2013-08-14
Forwarded: <unknown>. Fixed in 1.3.6rc1
Bug-Debian: http://bugs.debian.org/717235
---
 modules/mod_auth.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/modules/mod_auth.c b/modules/mod_auth.c
index abe6ff8..c44d5ba 100644
--- a/modules/mod_auth.c
+++ b/modules/mod_auth.c
@@ -836,16 +836,23 @@ static struct passwd *passwd_dup(pool *p, struct passwd *pw) {
 }
 
 static void ensure_open_passwd(pool *p) {
-  /* Make sure pass/group is open.
-   */
+  /* Make sure pass/group is open. */
   pr_auth_setpwent(p);
   pr_auth_setgrent(p);
 
   /* On some unices the following is necessary to ensure the files
-   * are open.  (BSDI 3.1)
+   * are open (BSDI 3.1)
    */
   pr_auth_getpwent(p);
   pr_auth_getgrent(p);
+
+  /* Per Debian bug report:
+   *   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717235
+   * we might want to do another set{pw,gr}ent(), to play better with
+   * some NSS modules.
+   */
+  pr_auth_setpwent(p);
+  pr_auth_setgrent(p);
 }
 
 /* Next function (the biggie) handles all authentication, setting
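Review bot: The comment added above the second `pr_auth_setpwent(p)` / `pr_auth_setgrent(p)` pair in ensure_open_passwd() says only that "we might want to" make these calls, so they read as an accidental duplicate of the pair at the top and are easy to delete in a later cleanup. Going by the patch subject, the rewind is there so that a directory-backed NSS module abandons the enumeration started by the priming get{pw,gr}ent() instead of fetching the whole passwd database on each login. The comment should state that reason and that the order matters, for example `/* Rewind after the priming get{pw,gr}ent() so NSS backends drop the enumeration instead of fetching the full database on every login. */`. The priming `pr_auth_getpwent(p)` / `pr_auth_getgrent(p)` calls still run unconditionally, so a remote backend presumably still sees one enumeration start per login. If that per-login load on the directory service matters, the comment should record it as a known cost.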
