LinuxQuestions.org
09-11-2007, 11:51 AM   #1
regomatic
PAM access.conf not reading NIS netgroup


Hi,

Working with pam_access.so and /etc/security/access.conf. RHEL3, there is a NIS server running.

This is my access.conf:
===================
# permission : users : origins
+:root:ALL
+:@allow:ALL #allows netgroup "allow"
-:@deny:ALL #denies netgroup "deny"
+:reg:ALL #allows user reg
-:ALL:ALL #denies all
===================

My getent output (so you know my NIS is working):
===================
[root@bjicyz110 root]# getent netgroup allow
allow ( , testaccount, )
[root@bjicyz110 root]# getent netgroup deny
deny ( , reg, )
===================

My /etc/nsswitch.conf (I only list 3 important lines):
===================
passwd: files nis
group: files nis
netgroup: files nis
===================

My /etc/sysconfig/network is correct with the NISDOMAIN entry.


1) With the above configuration of access.conf, user reg is able to log in, even though -:@deny is above it. So reg is getting in because of line 4 in access.conf.
2) With the above configuration, user testaccount cannot log in even though +:@allow allows it.
3) So basically pam_access.so is not reading the @deny or @allow in the access.conf file. I am not sure what is wrong. I know NIS is working and getent is replying correctly.

Is there a problem with PAM and NIS netgroups? Am I missing some configuration somewhere?
 
09-19-2007, 01:21 AM   #2
regomatic
resolved -- fix unknown

Hi,

I installed another system to test, same RHEL 3 ES, and it worked just fine. I tried matching up the configurations, but the trouble system still did not work. After spending many hours looking around, I could not find the problem. I decided to reinstall the system and it is working fine now. What I learned, and maybe someone will find it useful, is information about netgroups. I find that documentation and examples are lacking on the internet, especially when you start nesting one group into another. Here is what I did to get nesting one group inside another to work.

groupA (,userA,) (,userA1,)
groupB (,userB,) (,userB1,)
groupC groupA (,userB1,)

Here groupA also belongs to groupC and includes userB1.
Sometimes you will see this format: (-,userA,-). The man pages say that - makes searches faster. I have a very small map, so I didn't use this format.
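
Added example, not part of either post and not pam_access's own code: a simplified Python model of first-match evaluation of access.conf with nested netgroup expansion, run over the access.conf from post #1 and the netgroup names from both posts. The map text is constructed, the function names are hypothetical, and only the ALL origin is modelled.

```python
import re

# Constructed map: allow/deny from post #1's getent output, groupA/groupC nested as in post #2.
NETGROUP_MAP = """\
allow (,testaccount,)
deny (,reg,)
groupA (,userA,) (,userA1,)
groupC groupA (,userB1,)
"""

# access.conf as posted in post #1.
ACCESS_CONF = """\
# permission : users : origins
+:root:ALL
+:@allow:ALL #allows netgroup "allow"
-:@deny:ALL #denies netgroup "deny"
+:reg:ALL #allows user reg
-:ALL:ALL #denies all
"""

def parse_netgroups(text):
    """Map name -> (users from (host,user,domain) triples, nested group names)."""
    groups = {}
    for line in filter(str.strip, text.splitlines()):
        name, _, rest = line.strip().partition(" ")
        users = {t.split(",")[1].strip() for t in re.findall(r"\(([^)]*)\)", rest)}
        groups[name] = (users, re.sub(r"\([^)]*\)", " ", rest).split())
    return groups

def in_netgroup(groups, name, user, seen=None):
    """Nested membership test; empty user field is a wildcard, 'seen' stops cycles."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return False
    seen.add(name)
    users, nested = groups[name]
    return user in users or "" in users or any(in_netgroup(groups, n, user, seen) for n in nested)

def first_match(conf, user, groups):
    """(rule number, permission) of the first rule matching user; origin ALL only."""
    rules = [l for l in conf.splitlines() if l.strip() and not l.startswith("#")]
    for n, line in enumerate(rules, 1):
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if "ALL" not in re.split(r"[,\s]+", origins):
            continue  # simplification: only the ALL origin is modelled
        for tok in users.split():
            if tok in ("ALL", user) or (tok[0] == "@" and in_netgroup(groups, tok[1:], user)):
                return n, perm
    return None, "+"  # no rule matched: pam_access grants access
```

Calling `first_match(ACCESS_CONF, "reg", parse_netgroups(NETGROUP_MAP))` returns rule 3 (deny) and `testaccount` gets rule 2 (allow). With an empty map (`{}`, every netgroup lookup failing) the same rules give `reg` rule 4 and `testaccount` rule 5, the behaviour reported in post #1.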
 
  

