in /etc/security/access.conf it says that nis support for netgroup
allow/denies is enabled.
But in the srpm for pam its not -DNIS needs to be defined in the pam.spec
when building pam_access to allow it.
Otherwise a line like:
-:ALL EXCEPT @NETGROUPTEST:ALL
in access.conf will fail to allow members of @NETGROUPTEST
you get this error in the logs:
pam_access: NIS netgroup support not configured
an errata for that might be in order.
ok so I rebuilt it with -DNIS and netgroup then works.
however, referencing normal groups from w/i /etc/security/access.conf after
you've added the pam_access line into system-auth gets you this error:
login: PAM unable to dlopen(/lib/security/pam_access.so)
login: PAM [dlerror: /lib/security/pam_access.so: undefined symbol:
I'l see what I can figure out but it would be nice to have normal yp-based
groups and netgroups working.
all happy now. pam_access needed to be linked to libnsl - now its correct.
the attached patch file applied to pam will make it work. This might not be the
best way to do it but it seemed correct from how the Makefile read.
Created attachment 21247 [details]
patch pam-access's makefile to include linking to libnsl
Fixing in pam-0.75-10 and later. Thanks!