Index: nss_engine_pphrase.c
===================================================================
--- nss_engine_pphrase.c.orig	2016-03-14 12:33:49.139529734 +0100
+++ nss_engine_pphrase.c	2016-03-14 12:40:42.603094487 +0100
@@ -228,6 +228,7 @@ static char *nss_get_password(FILE *inpu
     char line[1024];
     unsigned char phrase[200];
     int infd = fileno(input);
+    int tmpfd;
     int isTTY = isatty(infd);
 
     token_name = PK11_GetTokenName(slot);
@@ -327,6 +328,24 @@ static char *nss_get_password(FILE *inpu
     if (pwdstr)
         return pwdstr;
 
+    /* It happens that stdin is not opened with O_RDONLY. Better make sure
+     * it is and re-open /dev/tty.
+     */
+    close(infd); /* is 0 normally. open(2) will return first available. */
+    tmpfd = open("/dev/tty", O_RDONLY);
+    if( tmpfd == -1) {
+	fprintf(output, "Cannot open /dev/tty for reading the passphrase.\n");
+	nss_die();
+    }
+    if(tmpfd != infd) {
+	if( dup2(tmpfd, infd) != infd) {
+	    fprintf(output, "Problem duplicating /dev/tty file descriptor.\n");
+	    close(tmpfd);
+	    nss_die();
+	}
+	close(tmpfd);
+    }
+
     for (;;) {
         /* Prompt for password */
         if (isTTY) {