Hi all: I'm using mod_auth_pam with Apache to do authentication against my NDS database. The pam modules for NDS seem to work fine in that I can login at the prompt using an account that doesn't exist in /etc/passwd as long as it exists and is set up properly in NDS. The problem I'm having is that when I use Apache's require-group directive it only works on groups that exist in /etc/groups. NDS groups, even if they are setup for Unix use, are never checked. I realize that this may be an NDS issue and not a PAM issue, but I'm trying to look at it from all angles. What's the best way to troubleshoot the PAM end of it? I appreciate any suggestions you may have. Here's some stuff that may or may not be useful: /etc/pam.d/passwd _______________________________________________________ #%PAM-1.0 #First try through NDS auth sufficient /lib/security/pam_nds.so.0 account sufficient /lib/security/pam_nds.so.0 password sufficient /lib/security/pam_nds.so.0 # Fall back to flat file authentication auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so retry=3 password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow /etc/pam.d/httpd _______________________________________________________ [root@minastirith pam.d]# more httpd #%PAM-1.0 #[For version 1.0 syntax, the above header is optional] # # The PAM configuration file for the `httpd' service # auth sufficient /lib/security/pam_nds.so.0 account sufficient /lib/security/pam_nds.so.0 password sufficient /lib/security/pam_nds.so.0 session sufficient /lib/security/pam_nds.so.0 auth required pam_pwdb.so md5 account required pam_pwdb.so md5 /etc/nsswitch.conf (trimmed) _______________________________________________________ passwd: files nds shadow: files group: files nds
