Bug 36864 - pam_access not compiled with NIS netgroup support
Summary: pam_access not compiled with NIS netgroup support
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-04-20 17:46 UTC by Seth Vidal
Modified: 2007-04-18 16:32 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-18 14:42:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch pam-access's makefile to include linking to libnsl (333 bytes, patch)
2001-06-18 14:42 UTC, Seth Vidal
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:149 normal SHIPPED_LIVE Updated pam and usermode packages available 2001-11-02 05:00:00 UTC

Description Seth Vidal 2001-04-20 17:46:33 UTC
in /etc/security/access.conf it says that nis support for netgroup
allow/denies is enabled.

But in the srpm for pam its not -DNIS needs to be defined in the pam.spec
when building pam_access to allow it.

Otherwise a line like:

-:ALL EXCEPT @NETGROUPTEST:ALL 
in access.conf will fail to allow members of @NETGROUPTEST

you get this error in the logs:
pam_access[10135]: NIS netgroup support not configured

an errata for that might be in order.


-sv

Comment 1 Seth Vidal 2001-06-15 22:42:02 UTC
ok so I rebuilt it with -DNIS and netgroup then works.

however, referencing normal groups from w/i /etc/security/access.conf after
you've added the pam_access line into system-auth gets you this error:

login: PAM unable to dlopen(/lib/security/pam_access.so)
login: PAM [dlerror: /lib/security/pam_access.so: undefined symbol:
yp_get_default_domain]



I'l see what I can figure out but it would be nice to have normal yp-based
groups and netgroups working.

-sv




Comment 2 Seth Vidal 2001-06-18 14:41:17 UTC
all happy now. pam_access needed to be linked to libnsl - now its correct.
the attached patch file applied to pam will make it work. This might not be the
best way to do it but it seemed correct from how the Makefile read.

Comment 3 Seth Vidal 2001-06-18 14:42:00 UTC
Created attachment 21247 [details]
patch pam-access's makefile to include linking to libnsl

Comment 4 Nalin Dahyabhai 2001-08-31 00:56:52 UTC
Fixing in pam-0.75-10 and later.  Thanks!


Note You need to log in before you can comment on or make changes to this bug.