09-11-2007, 11:51 AM | #1 | LQ Newbie | Registered: Jun 2007 | Posts: 3
PAM access.conf not reading NIS netgroup
Hi,
Working with pam_access.so and /etc/security/access.conf. RHEL3, there is a NIS server running.
This is my access.conf:
===================
# permission : users : origins
+:root:ALL
+:@allow:ALL #allows netgroup "allow"
-:@deny:ALL #denies netgroup "deny"
+:reg:ALL #allows user reg
-:ALL:ALL #denies all
===================
My getent output (so you know my NIS is working):
===================
[root@bjicyz110 root]# getent netgroup allow
allow ( , testaccount, )
[root@bjicyz110 root]# getent netgroup deny
deny ( , reg, )
===================
My /etc/nsswitch.conf (I only list 3 important lines):
===================
passwd: files nis
group: files nis
netgroup: files nis
===================
My /etc/sysconfig/network is correct with the NISDOMAIN entry.
1) With the above configuration of access.conf, user reg is able to log in, even though -:@deny is above it. So reg is getting in because of line 4 in access.conf.
2) With the above configuration, user testaccount cannot log in even though +:@allow allows it.
3) So basically pam_access.so is not reading the @deny or @allow in the access.conf file. I am not sure what is wrong. I know NIS is working and getent is replying correctly.
Is there a problem with PAM and NIS netgroups? Am I missing some configuration somewhere?

09-19-2007, 01:21 AM | #2 | LQ Newbie (Original Poster) | Registered: Jun 2007 | Posts: 3
resolved -- fix unknown
Hi,
I installed another system to test, same RHEL 3 ES, and it worked just fine. I tried matching up the configurations but the trouble system still did not work. After spending many hours looking around, I could not find the problem. I decided to reinstall the system and it is working fine now. What I learned, and maybe someone will find it useful, is information about netgroups. I find that documentation and examples are lacking on the internet, especially when you start nesting one group into another. Here is what I did to get nesting one group inside another to work.
groupA (,userA,) (,userA1,)
groupB (,userB,) (,userB1,)
groupC groupA (,userB1,)
Here groupA also belongs to groupC and includes userB1.
Sometimes you will see this format: (-,userA,-). Man pages say that - makes searches faster. I have a very small map, so I didn't use this format.
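
The decisions both posts expect can be checked offline with a small Python model, added here as an example (it is not code from the thread and not pam_access itself). It expands netgroups, including the nested groupC from post #2, and applies access.conf rules in order with the first matching line deciding. The function names are made up for this sketch, origins are not evaluated because every rule uses ALL, and empty or "-" triple fields are treated as plain strings rather than wildcards.

```python
import re

# Constructed sample data: "allow"/"deny" follow the getent output in post #1,
# groupA/groupB/groupC follow the nesting example in post #2.
NETGROUP_MAP = """\
allow  (,testaccount,)
deny   (,reg,)
groupA (,userA,) (,userA1,)
groupB (,userB,) (,userB1,)
groupC groupA (,userB1,)
"""

ACCESS_CONF = """\
+:root:ALL
+:@allow:ALL
-:@deny:ALL
+:reg:ALL
-:ALL:ALL
"""  # the access.conf from post #1 with the trailing comments removed

def parse_netgroups(text):
    """Map each netgroup name to its members: triples or nested group names."""
    rows = (l.split(None, 1) for l in text.splitlines() if l.strip())
    return {r[0]: re.findall(r"\([^)]*\)|[^\s()]+", r[1]) for r in rows}

def netgroup_users(groups, name, seen=None):
    """User field of every (host,user,domain) triple, following nested groups."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:   # loop guard / unknown group
        return set()
    seen.add(name)
    users = set()
    for member in groups[name]:
        if member.startswith("("):
            users.add(member.strip("()").split(",")[1].strip())
        else:                                # a nested netgroup name
            users |= netgroup_users(groups, member, seen)
    return users

def decide(user, conf=ACCESS_CONF, groups=None):
    """Return (permission, line number) of the first rule matching the user."""
    groups = parse_netgroups(NETGROUP_MAP) if groups is None else groups
    for lineno, line in enumerate(conf.splitlines(), 1):
        perm, users, _ = (f.strip() for f in line.split(":", 2))
        for tok in users.split():
            if tok in ("ALL", user) or (
                    tok.startswith("@") and user in netgroup_users(groups, tok[1:])):
                return perm, lineno
    return None, None                        # no rule matched in this model
```

Comparing `decide("reg")` and `decide("testaccount")` with what the host actually does shows which rule should have fired: a result that only matches the plain-user line 4 means the `@deny` lookup returned no members on that machine.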
All times are GMT -5.