Red Hat Bugzilla – Bug 127655
sshd needs to be restarted for changes in pam/nsswitch config to take effect
Last modified: 2007-11-30 17:07:02 EST
When configuring the system to use NIS (with authconfig, see bug
#127306) and trying to login with a NIS user, sshd complains:
Jul 12 10:53:04 gibraltar sshd: Illegal user d022127 from
in /var/log/secure. After running authconfig, /etc/nsswitch.conf,
/etc/yp.conf and /etc/pamd.d/system-auth get changed accordingly and
only after restarting sshd, everything works as expected, so I think
maybe sshd reads the pam configuration only at startup. Could
reproduce this on two FC2 systems.
Version-Release number of selected component (if applicable):
FWIW, this behaviour shows also on RHEL3 with
openssh-server-3.6.1p2-33.30.1 but not on FC3 with
openssh-server-3.9p1-7. Changing product as FC2 isn't that interesting
This must be some problem with glibc caching the nsswitch.conf settings or
nsswitch.conf is of course cached, so if you make changes to that file, you need
either to restart the daemons or better use nscd and just restart nscd.
Does this cache have some kind of a timeout? If not, there's a serious problem
because then you have to remember to restart every service where nsswitch.conf
has effect. I mean it can't be that expensive to stat() nsswitch.conf once in a
while to see whether it has changed or not.