Index: nss_engine_pphrase.c
===================================================================
--- nss_engine_pphrase.c.orig	2016-04-15 20:27:59.000000000 +0200
+++ nss_engine_pphrase.c	2016-04-16 11:11:49.472862662 +0200
@@ -230,6 +230,7 @@ static char *nss_get_password(FILE *inpu
     char line[1024];
     unsigned char phrase[200];
     int infd = fileno(input);
+    int tmpfd;
     int isTTY = isatty(infd);
 
     token_name = PK11_GetTokenName(slot);
@@ -351,6 +352,24 @@ static char *nss_get_password(FILE *inpu
     if (pwdstr)
         return pwdstr;
 
+    /* It happens that stdin is not opened with O_RDONLY. Better make sure
+     * it is and re-open /dev/tty.
+     */
+    close(infd); /* is 0 normally. open(2) will return first available. */
+    tmpfd = open("/dev/tty", O_RDONLY);
+    if( tmpfd == -1) {
+	fprintf(output, "Cannot open /dev/tty for reading the passphrase.\n");
+	nss_die();
+    }
+    if(tmpfd != infd) {
+	if( dup2(tmpfd, infd) != infd) {
+	    fprintf(output, "Problem duplicating /dev/tty file descriptor.\n");
+	    close(tmpfd);
+	    nss_die();
+	}
+	close(tmpfd);
+    }
+
     for (;;) {
         /* Prompt for password */
         if (isTTY) {