Bug 127655 - sshd needs to be restarted for changes in pam/nsswitch config to take effect
sshd needs to be restarted for changes in pam/nsswitch config to take effect
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: glibc (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-12 04:56 EDT by Nils Philippsen
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-01 07:44:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nils Philippsen 2004-07-12 04:56:18 EDT
When configuring the system to use NIS (with authconfig, see bug
#127306) and trying to login with a NIS user, sshd complains:


Jul 12 10:53:04 gibraltar sshd[14400]: Illegal user d022127 from
::ffff:127.0.0.1

in /var/log/secure. After running authconfig, /etc/nsswitch.conf,
/etc/yp.conf and /etc/pamd.d/system-auth get changed accordingly and
only after restarting sshd, everything works as expected, so I think
maybe sshd reads the pam configuration only at startup. Could
reproduce this on two FC2 systems.

Version-Release number of selected component (if applicable):

openssh-3.6.1p2-34
authconfig-4.6.2-1
pam-0.77-40
ypbind-1.17.2-1
Comment 1 Nils Philippsen 2004-11-18 05:23:56 EST
FWIW, this behaviour shows also on RHEL3 with
openssh-server-3.6.1p2-33.30.1 but not on FC3 with
openssh-server-3.9p1-7. Changing product as FC2 isn't that interesting
anymore ;-).
Comment 2 Tomas Mraz 2005-02-08 11:27:53 EST
This must be some problem with glibc caching the nsswitch.conf settings or
similar problem.
Comment 3 Jakub Jelinek 2005-03-01 07:44:23 EST
nsswitch.conf is of course cached, so if you make changes to that file, you need
either to restart the daemons or better use nscd and just restart nscd.
Comment 4 Nils Philippsen 2005-03-01 09:47:50 EST
Does this cache have some kind of a timeout? If not, there's a serious problem
because then you have to remember to restart every service where nsswitch.conf
has effect. I mean it can't be that expensive to stat() nsswitch.conf once in a
while to see whether it has changed or not.

Note You need to log in before you can comment on or make changes to this bug.