[Fedora-directory-users] Use of NetGroups breaks local logins
Kyle Tucker
kylet at panix.com
Thu Oct 26 16:27:24 UTC 2006
Hi all,
New installation of FDS 1.0.2 on FC5. I have gotten netgroup access
to host logins set up and working by following the steps in this document.
http://directory.fedora.redhat.com/wiki/Howto:Netgroups
This required the addition of this new (second) line in the account section
of /etc/pam.d/system-auth for the access.netgroup.conf file to avoid issues
with crond, which they don't elaborate on.
account required pam_unix.so broken_shadow debug
account required pam_access.so accessfile=/etc/security/access.netgroup.conf
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug
account required pam_permit.so
But now I am seeing these failures in /var/log/secure.
Oct 25 18:01:01 lin2600 crond[22707]: pam_access(crond:account): access denied
for user `root' from `cron'
I also cannot log in as root.
So firstly, is all the advice in the above document accurate? Is the placement
of this line incorrect (I am just starting to play with PAM) or do I need to
add entries for root (or ALL) in /etc/security/access.conf (presently all
commented out as it appears to be the default setup)?
Thanks.
--
- Kyle
---------------------------------------------
kylet at panix.com http://www.panix.com/~kylet
---------------------------------------------
More information about the Fedora-directory-users
mailing list