The KDE screen blanker/locker does not read authentication information via NIS, meaning that on workstations like ours (where all workstations are identical, NFS-mounting home directories, DHCP'ing their IP addresses, and getting authentication info via NIS) accidentally hitting the little 'lock' button on the KDE button bar really does lock it -- permenantly. (Well, control-alt-backspace logs the user out, but that's no real answer). Works fine for locally-authenticated users. The "real" (unpatched) KDE should work fine for YP, since it uses the getpwent in the libc library by default (which is NIS-compatible). Problem with the PAM patches?
we have no problems using PAM locally here at Red Hat, and having PAM authenticate against local files and NIS/YP. Are you sure you haven't misconfigured your PAM set up? my passwd: line in nsswitch.conf is just a simple "files nisplus nis". /etc/pam.d/kde contains: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so debug It is used to authenticate for kdm and the kde screensavers. my /etc/pwdb.conf (the pam_pwdb module is used to authenticate) has the following: # # This is the configuration file for the pwdb library # user: unix+shadow nis+unix+shadow group: unix+shadow nis+unix+shadow These are all the stock, shipped defaults.