very nasty bug in pam_succeed_if

Paul Raines raines at nmr.mgh.harvard.edu
Thu Jun 10 14:06:18 UTC 2004


I have a mix of various RedHat and Fedora Systems in our network
where we still use NIS.  In nsswitch.conf, we use 'compat' mode
for passwd, shadow, group.  

After doing two clean FC2 installs I noticed that any user with
over 8 groups could not login.  Doing a 'su - user' as one of these
users would segfault.  If I removed compat mode from nsswitch.conf,
the problem would go away.  

However, on a FC2 test 3 box that I update to FC2 final, I did
not have this problem.  This helped me track the problem down to
the pam_succeed_if line in /etc/pam.d/system-auth which did not
exist on the upgraded box (why the update did not put this in
I do not know).  Removing the line from system-auth on the two
clean install boxes fixed the problem.

What exactly is the reasoning behind the pam_succeed_if line being
added to system-auth anyway?

-- 
---------------------------------------------------------------
Paul Raines                   email: raines at nmr.mgh.harvard.edu
MGH/MIT/HMS Athinoula A. Martinos Center for Biomedical Imaging
149 (2301) 13th Street        Charlestown, MA 02129	USA   







More information about the fedora-list mailing list