[Fedora-directory-users] Use of NetGroups breaks local logins
Subhendu Ghosh
sghosh at redhat.com
Thu Oct 26 16:38:08 UTC 2006
On Thu, 2006-10-26 at 12:27 -0400, Kyle Tucker wrote:
> Hi all,
> New installation of FDS 1.0.2 on FC5. I have gotten netgroup access
> to host logins set up and working by following the steps in this document.
>
> http://directory.fedora.redhat.com/wiki/Howto:Netgroups
>
> This required the addition of this new (second) line in the account section
> of /etc/pam.d/system-auth for the access.netgroup.conf file to avoid issues
> with crond, which they don't elaborate on.
>
> account required pam_unix.so broken_shadow debug
> account required pam_access.so accessfile=/etc/security/access.netgroup.conf
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug
> account required pam_permit.so
>
> But now I am seeing these failures in /var/log/secure.
>
> Oct 25 18:01:01 lin2600 crond[22707]: pam_access(crond:account): access denied
> for user `root' from `cron'
>
> I also cannot log in as root.
>
> So firstly, is all the advice in the above document accurate? Is the placement
> of this line incorrect (I am just starting to play with PAM) or do I need to
> add entries for root (or ALL) in /etc/security/access.conf (presently all
> commented out as it appears to be the default setup)?
>
> Thanks.
Hi Kyle
I came across this issue (those are my notes ;)
/etc/pam.d/crond should contain
auth sufficient pam_rootok.so
Try adding an account line as well
/etc/pam.d/crond
account sufficient pam_rootok.so
-sg
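
Added example (not part of the original messages): a small Python model of Linux-PAM control-flag evaluation, run on the account stack quoted above. It shows why the `required` pam_access.so denial is not rescued by the later `sufficient` line, and why a `sufficient` pam_rootok.so line evaluated first lets root through. The module return values are assumed inputs for root running from cron: pam_access.so fails as in the log, pam_rootok.so is assumed to succeed in the account phase, and the crond line is assumed to be evaluated before the system-auth lines.

```python
# Model only: module results are supplied as inputs, no PAM module is called.
import re

SIMPLE = {  # bracket equivalents of the simple control flags, per pam.conf(5)
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^account\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(stack_text):
    """Return [(action_map, module)] for every 'account' line."""
    stack = []
    for raw in stack_text.strip().splitlines():
        m = LINE.match(raw.strip())
        if m:
            ctl, mod = m.groups()
            amap = dict(p.split("=") for p in ctl[1:-1].split()) if ctl.startswith("[") else SIMPLE[ctl]
            stack.append((amap, mod))
    return stack

def evaluate(stack, results):
    """results maps module name -> return value; returns the stack's final status."""
    status, failed = None, False
    for amap, mod in stack:
        ret = results[mod]
        action = amap.get(ret, amap.get("default", "bad"))  # fallback "bad" is this model's choice
        if action in ("ok", "done"):
            if not failed and status in (None, "success"):
                status = ret
            if action == "done" and not failed:
                return status          # 'sufficient' ends the stack only if nothing failed before
        elif action in ("bad", "die"):
            if not failed:
                status, failed = ret, True   # the first failure is what gets reported
            if action == "die":
                return status
    return status or "perm_denied"     # nothing but 'ignore' results: treated as a denial here

PAGE_STACK = """
account required pam_unix.so broken_shadow debug
account required pam_access.so accessfile=/etc/security/access.netgroup.conf
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug
account required pam_permit.so
"""
FIXED_STACK = "account sufficient pam_rootok.so" + PAGE_STACK  # reply's line, evaluated first

ROOT_FROM_CRON = {  # constructed inputs; pam_ldap value assumes root is not in LDAP
    "pam_unix.so": "success", "pam_access.so": "perm_denied", "pam_succeed_if.so": "success",
    "pam_ldap.so": "user_unknown", "pam_permit.so": "success", "pam_rootok.so": "success",
}
```
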