On Thu, 2006-10-26 at 12:27 -0400, Kyle Tucker wrote: > Hi all, > New installation of FDS 1.0.2 on FC5. I have gotten netgroup access > to host logins set up and working by following the steps in this document. > > http://directory.fedora.redhat.com/wiki/Howto:Netgroups > > This required the addition of this new (second) line in the account section > of /etc/pam.d/system-auth for the access.netgroup.conf file to avoid issues > with crond, which they don't elaborate on. > > account required pam_unix.so broken_shadow debug > account required pam_access.so accessfile=/etc/security/access.netgroup.conf > account sufficient pam_succeed_if.so uid < 500 quiet > account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug > account required pam_permit.so > > But now I am seeing these failures in /var/log/secure. > > Oct 25 18:01:01 lin2600 crond[22707]: pam_access(crond:account): access denied > for user `root' from `cron' > > I also cannot log in as root. > > So firstly, is all the advice in the above document accurate? Is the placement > of this line incorrect (I am just starting to play with PAM) or do I need to > add entries for root (or ALL) in /etc/security/access.conf (presently all > commented out as it appears to be the default setup)? > > Thanks. Hi Kyle I came across this issue (those are my notes ;) /etc/pamd./crond should contain auth sufficient pam_rootok.so Try adding an account line as well /etc/pam.d/crond account sufficient pam_rootok.so -sg
