very nasty bug in pam_succeed_if

[Andre Brouty]

Paul Raines a écrit le 10.06.2004 16:06:
> I have a mix of various RedHat and Fedora Systems in our network
> where we still use NIS.  In nsswitch.conf, we use 'compat' mode
> for passwd, shadow, group.  
> 
> After doing two clean FC2 installs I noticed that any user with
> over 8 groups could not login.  Doing a 'su - user' as one of these
> users would segfault.  If I removed compat mode from nsswitch.conf,
> the problem would go away.  
> 
> However, on a FC2 test 3 box that I update to FC2 final, I did
> not have this problem.  This helped me track the problem down to
> the pam_succeed_if line in /etc/pam.d/system-auth which did not
> exist on the upgraded box (why the update did not put this in
> I do not know).  Removing the line from system-auth on the two
> clean install boxes fixed the problem.
> 
> What exactly is the reasoning behind the pam_succeed_if line being
> added to system-auth anyway?
> 

	I have same problem, unable to connect in nis "compat" mode.
	See my post "Is nis compatibility mode working in FC2 ?".
	I am a member in 8 groups. This solves my problem.

	Thanks a lot.

-- 
André