Hi Anders, I can only find pam_unix2.conf under /etc/security. In that, apart from comments, it contains the following four lines
auth: account: password: session: none So presumably just using the defaults. Peter -----Original Message----- From: Anders Johansson [mailto:[EMAIL PROTECTED] Sent: 14 November 2006 12:08 To: Chiu, PCM (Peter) Cc: [email protected] Subject: Re: [opensuse] SLES 10 x86_64 - Permissions on password database too restrictive Well, NIS in itself is not an authentication scheme, it only distributes configurations. A NIS client can authenticate against LDAP or local shadow files, depending on the config files you're distributing Check the pam_unix2.conf in /lib/security to see what you are using for authentication On Tuesday 14 November 2006 11:59, Chiu, PCM (Peter) wrote: > Thanks Anders, > > The system uses NIS, a client. > > I happened to have a session logged on at the time, and I could access > the NIS servers. > I did also restart ypbind, and it got started okay. > > As explained in my earlier post to Daniel Gomez, I ran a verify on > pam, pam-32bit, pam-modules, pam-modules-32bit and yast2-pam, no > specific differences reported apart from pam_pwcheck.conf. The latter > has only 1 line, nothing obvious... > > Peter > > > -----Original Message----- > From: Anders Johansson [mailto:[EMAIL PROTECTED] > Sent: 13 November 2006 19:31 > To: [email protected] > Subject: Re: [opensuse] SLES 10 x86_64 - Permissions on password > database too restrictive > > On Monday 13 November 2006 16:59, Chiu, PCM (Peter) wrote: > > Hi all, > > > > On a couple of our servers running SUSE Linux Enterprise Server 10 > > (x86_64), we have encountered some intermittent problems when users > > try to log on using ssh and failed: > > > > ssh [EMAIL PROTECTED] > > Password: xxxxxx > > Permissions on the password database may be too restrictive. > > This error comes from PAM, and as far as I know it can mean one of two > things: > either the password or username was wrong, or PAM failed to contact > the password source (for example failed to read /etc/shadow, or failed > to contact the LDAP server for some reason) > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
