[OpenAFS] AFS Authentication with PAM
Mitch Collinsworth
mitch@ccmr.cornell.edu
Thu, 5 Jul 2001 13:04:04 -0400 (EDT)
> > NIS is partially broken, at least in Redhat 6.2. Near as I've been
> > able to tell it fails to consult /etc/passwd for allowed and disallowed
> > users. Any user that exists in the NIS passwd database is allowed to
> > login. This even if no + entry exists that includes them, and even if
> > an explicit - entry exists that disallows them.
>
> How is your nsswitch.conf set up? I believe you want a line like
> this:
>
> passwd: files compat
>
> ...and *not* like this:
>
> passwd: files nis
>
> The "compat" service is supposed to work like Sun's NIS configuration;
> that is, it searches /etc/passwd for allow/exclude lines. The "nis"
> service just consults NIS.
Well... This appears to be exactly the problem. Had I read
nsswitch.conf(5) I'd have known this. I guess this is the falacy
of assuming that if it looks just like the same feature on all the
other OS's I've used over the years then it must work just like
them, too. :-)
-Mitch