Bug 127655

Summary: sshd needs to be restarted for changes in pam/nsswitch config to take effect
Product: Red Hat Enterprise Linux 3 Reporter: Nils Philippsen <nphilipp>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED NOTABUG QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: uwe.menges
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-01 07:44:23 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Nils Philippsen 2004-07-12 04:56:18 EDT
When configuring the system to use NIS (with authconfig, see bug
#127306) and trying to login with a NIS user, sshd complains:

Jul 12 10:53:04 gibraltar sshd[14400]: Illegal user d022127 from

in /var/log/secure. After running authconfig, /etc/nsswitch.conf,
/etc/yp.conf and /etc/pamd.d/system-auth get changed accordingly and
only after restarting sshd, everything works as expected, so I think
maybe sshd reads the pam configuration only at startup. Could
reproduce this on two FC2 systems.

Version-Release number of selected component (if applicable):

Comment 1 Nils Philippsen 2004-11-18 05:23:56 EST
FWIW, this behaviour shows also on RHEL3 with
openssh-server-3.6.1p2-33.30.1 but not on FC3 with
openssh-server-3.9p1-7. Changing product as FC2 isn't that interesting
anymore ;-).
Comment 2 Tomas Mraz 2005-02-08 11:27:53 EST
This must be some problem with glibc caching the nsswitch.conf settings or
similar problem.
Comment 3 Jakub Jelinek 2005-03-01 07:44:23 EST
nsswitch.conf is of course cached, so if you make changes to that file, you need
either to restart the daemons or better use nscd and just restart nscd.
Comment 4 Nils Philippsen 2005-03-01 09:47:50 EST
Does this cache have some kind of a timeout? If not, there's a serious problem
because then you have to remember to restart every service where nsswitch.conf
has effect. I mean it can't be that expensive to stat() nsswitch.conf once in a
while to see whether it has changed or not.