Bug 61176

Summary: NIS authentication broken
Product: [Retired] Red Hat Raw Hide Reporter: ellson
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-03-14 21:34:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ellson 2002-03-14 21:34:00 UTC 
Description of Problem:
Users with NIS passwd entries, but not /etc/passwd entry, are unable to login.
YP server is Sun/Solaris 5.6 

NIS logins worked until Rawhide updates in last couple of days.

Version-Release number of selected component (if applicable):
pam-0.75-28
rawhide-release-20020314-1

How Reproducible:
100%

Steps to Reproduce:
1. No entry for "ellson" in /etc/passwd or /etc/shadow

2. NIS entry for "ellson"
$ ypcat passwd | grep ellson
ellson:s6Q9hVc.KWh/Q:5318:550:John Ellson:/home/ellson:/bin/bash

3. "login ellson" fails.

$ login ellson
Password: 

User account has expired


Actual Results:


Expected Results:


Additional Information:
/etc/pam.d/system-auth contains:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_localuser.so
account     required      /lib/security/pam_deny.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow nis
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
~
Comment 1 Bill Nottingham 2002-03-28 22:44:01 UTC 
This is fixed in a newer authconfig (for ex: 4.2.7-2); you can either re-run it,
or (IIRC) change:

account     required      /lib/security/pam_unix.so

to

account  sufficient /lib/security/pam_unix.so