Bug 61176 - NIS authentication broken
Summary: NIS authentication broken
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: pam
Version: 1.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-03-14 21:34 UTC by ellson
Modified: 2007-04-18 16:40 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-03-14 21:34:06 UTC
Embargoed:


Attachments (Terms of Use)

Description ellson 2002-03-14 21:34:00 UTC
Description of Problem:
Users with NIS passwd entries, but not /etc/passwd entry, are unable to login.
YP server is Sun/Solaris 5.6 

NIS logins worked until Rawhide updates in last couple of days.

Version-Release number of selected component (if applicable):
pam-0.75-28
rawhide-release-20020314-1

How Reproducible:
100%

Steps to Reproduce:
1. No entry for "ellson" in /etc/passwd or /etc/shadow

2. NIS entry for "ellson"
$ ypcat passwd | grep ellson
ellson:s6Q9hVc.KWh/Q:5318:550:John Ellson:/home/ellson:/bin/bash

3. "login ellson" fails.

$ login ellson
Password: 

User account has expired


Actual Results:


Expected Results:


Additional Information:
/etc/pam.d/system-auth contains:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_localuser.so
account     required      /lib/security/pam_deny.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow nis
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
~

Comment 1 Bill Nottingham 2002-03-28 22:44:01 UTC
This is fixed in a newer authconfig (for ex: 4.2.7-2); you can either re-run it,
or (IIRC) change:

account     required      /lib/security/pam_unix.so

to

account  sufficient /lib/security/pam_unix.so



Note You need to log in before you can comment on or make changes to this bug.