I'm using pam_access.so (/etc/security/access.conf) to control access to various resources on our RHEL5 machines. One such machine has a single line in access.conf that looks something like this:

    -:ALL EXCEPT group1 group2 group3:ALL

group1 has 4336 members; group2 has 693 members; and group3 has 4 members. Everyone in group2 and group3 can log in fine, but folks in group1 can't. If I specify another, smaller group, that someone in group1 is in, though, they can log in. There appears to be no correlation between login ability and primary group; that is, some folks who can't log in have group1 as their primary group, some have group1 as a supplementary group; some folks who can log in have group2 as their primary group and some have group2 as a supplementary group. Someone in both group1 and group2 or group3 can log in fine.

Is there a size limit to the number of members who can be in a group for pam_access.so, or is something else going on here?

Log entries look perfectly normal; no errors at all:

    Aug 31 09:33:03 pickering saslauthd[13134]: pam_access(imap:account): access denied for user `stutest' from `imap'

My PAM config for the 'imap' resource:

    auth       include      system-auth
    account    required     pam_access.so accessfile=/etc/security/access.cyrus.conf
    account    required     pam_unix.so broken_shadow
    account    sufficient   pam_localuser.so
    account    sufficient   pam_succeed_if.so uid < 100 quiet
    account    [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account    required     pam_permit.so
    password   include      system-auth
    session    include      system-auth

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list
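
A diagnostic for the symptom described in the post above, added here as an example and not part of the original message: it compares what the group entry returned by `getgrnam()` says about a user with what the initgroups path (the list `id` prints) says. It assumes, without the post confirming it, that the access check decides membership from the group entry (primary GID or member list); the function names and the sample data are constructed for illustration.

```python
import grp
import os
import pwd
from types import SimpleNamespace


def membership_views(user, group, getpwnam=pwd.getpwnam,
                     getgrnam=grp.getgrnam, getgrouplist=os.getgrouplist):
    """Report how each lookup path sees `user` in `group`."""
    pw = getpwnam(user)
    try:
        gr = getgrnam(group)
    except KeyError:
        # The group entry itself was not returned by the name service.
        return {"entry": False, "primary": False, "listed": False,
                "initgroups": False}
    return {
        "entry": True,
        "primary": pw.pw_gid == gr.gr_gid,   # group is the user's primary group
        "listed": user in gr.gr_mem,         # user appears in the member list
        "initgroups": gr.gr_gid in getgrouplist(user, pw.pw_gid),  # what `id` shows
    }


def diagnose(view):
    """Reduce the views to a one-word finding."""
    if not view["entry"]:
        return "no-entry"      # getgrnam() could not return the group at all
    if view["primary"] or view["listed"]:
        return "member"
    if view["initgroups"]:
        return "mismatch"      # `id` shows the group, the entry omits the user
    return "not-member"


# Constructed sample data (not from the original post): a group entry whose
# member list lacks a user that the initgroups path still places in the group.
SAMPLE_PW = {"stutest": SimpleNamespace(pw_gid=500)}
SAMPLE_GR = {"group1": SimpleNamespace(gr_gid=1001, gr_mem=["otheruser"]),
             "group3": SimpleNamespace(gr_gid=1003, gr_mem=["stutest"])}


def sample_view(group, gids=(500, 1001, 1003)):
    """Run membership_views() against the constructed sample data."""
    return membership_views("stutest", group, SAMPLE_PW.__getitem__,
                            SAMPLE_GR.__getitem__, lambda u, g: list(gids))


if __name__ == "__main__":
    for name in ("group1", "group2", "group3"):
        print(name, diagnose(sample_view(name)))
```

Calling `diagnose(membership_views("someuser", "group1"))` with the default arguments runs the same comparison against the machine's real name service; a `mismatch` or `no-entry` result for an affected user points at the group lookup rather than at the access.conf rule.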
