very nasty bug in pam_succeed_if

Paul Raines raines at
Thu Jun 10 18:30:17 UTC 2004

On Thu, 10 Jun 2004, Matthew Miller wrote:

> On Thu, Jun 10, 2004 at 11:19:42AM -0400, Paul Raines wrote:
> > So the pam_succeed_if line in system-auth is really only needed if
> > you use LDAP (which I don't)?
> Yeah, or some other network auth protocol -- the problem before was that
> when remote account info wasn't available (network down, for example), it
> wasn't letting *local* accounts in -- even root.

I just pulled the network cable on my box and tried to login in as root.
It took a long time for NIS to timeout, but still succeeded.  So I think
it something about the pam_unix call to the ldap API that not right.

More information about the fedora-list mailing list