Bug 176797 - pam_group fails with
Summary: pam_group fails with
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam
Version: 4.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks: 181409
TreeView+ depends on / blocked
 
Reported: 2006-01-02 21:58 UTC by Tomas Mraz
Modified: 2015-01-08 00:11 UTC (History)
1 user (show)

Fixed In Version: RHBA-2006-0370
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-10 21:29:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0370 0 normal SHIPPED_LIVE pam bug fix update 2006-08-09 04:00:00 UTC

Description Tomas Mraz 2006-01-02 21:58:59 UTC 
+++ This bug was initially created as a clone of Bug #176651 +++

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)

Description of problem:
The pam_group.so fails to assign additional group. in /var/log/messages it reports.
"Dec 28 10:52:02 lcllxts10 pam_group[32724]:  not opened"
The error occures regardless the content of the file /etc/security/group.conf.
WORKAROUND - recompiled pam_group.so from source file pam_group.c version 
" pam_group.c,v 1.3 2000/11/26 07:32:39 agmorgan" which works fine.



Version-Release number of selected component (if applicable):
pam-0.75-64

How reproducible:
Always

Steps to Reproduce:
1.Add line "auth        required      /lib/security/pam_group" in
/etc/pam.d/system-auth
2. Add a valid entry in /etc/security/group.conf e.g. 
"* ; * ; * ; Al0000-2400 ; sys "
3.Perform a login

  

Actual Results:  Run command "id". The group sys is not listed. 

Expected Results:  Group sys to be added to the group set of the user.

Additional info:

ADDITIONAL INFORMATION - i just noticed that the string
"/etc/security/group.conf" is not found in the binary pam_group.so provided with
RH AS 3.0. My guess is that the PAM_GROUP_CONF is set to null by the lines in
pam_group.c
#ifdef DEFAULT_CONF_FILE
# define PAM_GROUP_CONF         DEFAULT_CONF_FILE /* from external define */
#else
# define PAM_GROUP_CONF         "/etc/security/group.conf"
#endif

-- Additional comment from tmraz on 2006-01-02 16:52 EST --
Good catch, strange that nobody complained yet. It seems that pam_group module
is not used at all.

This is a typo in the pam_group Makefile - the $(CONFILE) should be replaced
with $(INSTALLED_CONFILE).
Comment 2 Bob Johnson 2006-04-11 16:19:26 UTC 
This issue is on Red Hat Engineering's list of planned work items 
for the upcoming Red Hat Enterprise Linux 4.4 release.  Engineering 
resources have been assigned and barring unforeseen circumstances, Red 
Hat intends to include this item in the 4.4 release.
Comment 6 Red Hat Bugzilla 2006-08-10 21:29:50 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0370.html
Note You need to log in before you can comment on or make changes to this bug.