Red Hat Bugzilla – Full Text Bug Listing
|Summary:||sshd needs to be restarted for changes in pam/nsswitch config to take effect|
|Product:||Red Hat Enterprise Linux 3||Reporter:||Nils Philippsen <nphilipp>|
|Component:||glibc||Assignee:||Jakub Jelinek <jakub>|
|Status:||CLOSED NOTABUG||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-03-01 07:44:23 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Nils Philippsen 2004-07-12 04:56:18 EDT
When configuring the system to use NIS (with authconfig, see bug #127306) and trying to login with a NIS user, sshd complains: Jul 12 10:53:04 gibraltar sshd: Illegal user d022127 from ::ffff:127.0.0.1 in /var/log/secure. After running authconfig, /etc/nsswitch.conf, /etc/yp.conf and /etc/pamd.d/system-auth get changed accordingly and only after restarting sshd, everything works as expected, so I think maybe sshd reads the pam configuration only at startup. Could reproduce this on two FC2 systems. Version-Release number of selected component (if applicable): openssh-3.6.1p2-34 authconfig-4.6.2-1 pam-0.77-40 ypbind-1.17.2-1
Comment 1 Nils Philippsen 2004-11-18 05:23:56 EST
FWIW, this behaviour shows also on RHEL3 with openssh-server-3.6.1p2-33.30.1 but not on FC3 with openssh-server-3.9p1-7. Changing product as FC2 isn't that interesting anymore ;-).
Comment 2 Tomas Mraz 2005-02-08 11:27:53 EST
This must be some problem with glibc caching the nsswitch.conf settings or similar problem.
Comment 3 Jakub Jelinek 2005-03-01 07:44:23 EST
nsswitch.conf is of course cached, so if you make changes to that file, you need either to restart the daemons or better use nscd and just restart nscd.
Comment 4 Nils Philippsen 2005-03-01 09:47:50 EST
Does this cache have some kind of a timeout? If not, there's a serious problem because then you have to remember to restart every service where nsswitch.conf has effect. I mean it can't be that expensive to stat() nsswitch.conf once in a while to see whether it has changed or not.