On Mon, 27 Aug 2001, Aaron Grewell wrote: > I'm using mod_auth_pam with Apache to do authentication against my NDS > database. The pam modules for NDS seem to work fine in that I can login at > the prompt using an account that doesn't exist in /etc/passwd as long as it > exists and is set up properly in NDS. The problem I'm having is that when I > use Apache's require-group directive it only works on groups that exist in > /etc/groups. NDS groups, even if they are setup for Unix use, are never > checked. I realize that this may be an NDS issue and not a PAM issue, but > I'm trying to look at it from all angles. What's the best way to > troubleshoot the PAM end of it? I appreciate any suggestions you may have. > Here's some stuff that may or may not be useful: > /etc/nsswitch.conf (trimmed) > _______________________________________________________ > passwd: files nds > shadow: files > group: files nds You say the NDS groups are set up for Unix use, and your nsswitch.conf looks correct. Do these groups work outside of Apache? If you do 'id <nds_user>' at the command line, are the supplemental NDS groups shown? Regardless, this doesn't look like a PAM problem to me, since PAM doesn't do any handling of /etc/groups. Cheers, Steve Langasek postmodern programmer