From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Description of problem: The pam_group.so fails to assign additional group. in /var/log/messages it reports. "Dec 28 10:52:02 lcllxts10 pam_group[32724]: not opened" The error occures regardless the content of the file /etc/security/group.conf. WORKAROUND - recompiled pam_group.so from source file pam_group.c version " pam_group.c,v 1.3 2000/11/26 07:32:39 agmorgan" which works fine. Version-Release number of selected component (if applicable): pam-0.75-64 How reproducible: Always Steps to Reproduce: 1.Add line "auth required /lib/security/pam_group" in /etc/pam.d/system-auth 2. Add a valid entry in /etc/security/group.conf e.g. "* ; * ; * ; Al0000-2400 ; sys " 3.Perform a login Actual Results: Run command "id". The group sys is not listed. Expected Results: Group sys to be added to the group set of the user. Additional info: ADDITIONAL INFORMATION - i just noticed that the string "/etc/security/group.conf" is not found in the binary pam_group.so provided with RH AS 3.0. My guess is that the PAM_GROUP_CONF is set to null by the lines in pam_group.c #ifdef DEFAULT_CONF_FILE # define PAM_GROUP_CONF DEFAULT_CONF_FILE /* from external define */ #else # define PAM_GROUP_CONF "/etc/security/group.conf" #endif
Good catch, strange that nobody complained yet. It seems that pam_group module is not used at all. This is a typo in the pam_group Makefile - the $(CONFILE) should be replaced with $(INSTALLED_CONFILE).
This issue is on Red Hat Engineering's list of planned work items for the upcoming Red Hat Enterprise Linux 3.8 release. Engineering resources have been assigned and barring unforeseen circumstances, Red Hat intends to include this item in the 3.8 release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0346.html