in /etc/security/access.conf it says that nis support for netgroup allow/denies is enabled. But in the srpm for pam its not -DNIS needs to be defined in the pam.spec when building pam_access to allow it. Otherwise a line like: -:ALL EXCEPT @NETGROUPTEST:ALL in access.conf will fail to allow members of @NETGROUPTEST you get this error in the logs: pam_access[10135]: NIS netgroup support not configured an errata for that might be in order. -sv
ok so I rebuilt it with -DNIS and netgroup then works. however, referencing normal groups from w/i /etc/security/access.conf after you've added the pam_access line into system-auth gets you this error: login: PAM unable to dlopen(/lib/security/pam_access.so) login: PAM [dlerror: /lib/security/pam_access.so: undefined symbol: yp_get_default_domain] I'l see what I can figure out but it would be nice to have normal yp-based groups and netgroups working. -sv
all happy now. pam_access needed to be linked to libnsl - now its correct. the attached patch file applied to pam will make it work. This might not be the best way to do it but it seemed correct from how the Makefile read.
Created attachment 21247 [details] patch pam-access's makefile to include linking to libnsl
Fixing in pam-0.75-10 and later. Thanks!