Netgroup-based access control not working with pam_access.so module in Red Hat Enterprise Linux 6.
Issue
- Netgroup-based access control does not work with the pam_access.so module in Red Hat Enterprise Linux 6. However, the same setup works fine with pam_access.so in Red Hat Enterprise Linux 5.
For example:
1. Set up two netgroups in your LDAP server: one that includes hosts and a second that includes users.
# getent netgroup QAsystems
QAsystems (testsystem1.example.com, , example .com) (testsystem2.example.com, , example.com)
# getent netgroup QAUsers
QAUsers ( , idmuser1, example.com) ( , idmuser2, example.com)
2. Now add the following lines to the /etc/security/access.conf file.
+ : root : ALL
+ : @QAUsers@@QAsystems : ALL
- : ALL : ALL
3. Add the pam_access.so module to the account section of the /etc/pam.d/system-auth file.
account required pam_access.so
4. Now, when you try to log in as idmuser1 from the testsystem1.example.com system, the login fails.
# ssh idmuser1@testsystem1.example.com
idmuser1@testsystem1.example.com's password:
Connection closed by 10.65.211.24
This works fine with pam_access in Red Hat Enterprise Linux 5. The issue only occurs on Red Hat Enterprise Linux 6.
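The decision the rules in step 2 are expected to produce can be checked with a small model of the match, added here as an example (it is not Red Hat's or pam_access's own code). It assumes innetgr()-style matching in which an empty triple field matches anything, handles only the token forms used in this article, and uses hypothetical names (parse_netgroups, in_netgroup, token_matches, decide); the sample input is constructed from the getent output above.

```python
import re

# Constructed sample: `getent netgroup` output from step 1 (host, user, domain).
GETENT = """\
QAsystems (testsystem1.example.com, , example.com) (testsystem2.example.com, , example.com)
QAUsers ( , idmuser1, example.com) ( , idmuser2, example.com)
"""

# The three access.conf lines from step 2; every origin field there is ALL.
RULES = [("+", "root"), ("+", "@QAUsers@@QAsystems"), ("-", "ALL")]

def parse_netgroups(text):
    """Map netgroup name -> list of (host, user, domain); '' means 'any'."""
    groups = {}
    for line in text.splitlines():
        name, _, rest = line.partition(" ")
        triples = re.findall(r"\(([^)]*)\)", rest)
        groups[name] = [tuple(f.strip() for f in t.split(",")) for t in triples]
    return groups

def in_netgroup(groups, name, host=None, user=None):
    """Model of an innetgr()-style test: None or an empty field matches anything."""
    for h, u, _domain in groups.get(name, []):
        host_ok = host is None or h == "" or h.lower() == host.lower()
        user_ok = user is None or u == "" or u == user
        if host_ok and user_ok:
            return True
    return False

def token_matches(groups, token, user, local_host):
    """Match one users-field token: ALL, @usergroup@@hostgroup, or a login name."""
    if token == "ALL":
        return True
    if token.startswith("@") and "@@" in token[1:]:
        user_group, host_group = token[1:].split("@@", 1)
        # The user must be in the user netgroup AND the local host in the host netgroup.
        return (in_netgroup(groups, user_group, user=user)
                and in_netgroup(groups, host_group, host=local_host))
    return token == user

def decide(groups, user, local_host):
    """Return True if access is granted; the first matching rule wins."""
    for perm, token in RULES:
        if token_matches(groups, token, user, local_host):
            return perm == "+"
    return True  # pam_access grants access when no rule matches

GROUPS = parse_netgroups(GETENT)
```

In this model the host field is compared as a whole string, so a short name such as testsystem1 does not match the fully qualified entries in QAsystems.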
Environment
- Red Hat Enterprise Linux 6
- pam-1.1.1-8.el6.x86_64
- pam_access.so
