Bug#599399: Incorrect effective groups when logging in with NIS and pubkey auth
Russ Allbery <rra@debian.org> writes:
> Arto Jantunen <viiru@debian.org> writes:
>
>> PAM was my first guess as well, but I don't have any concrete knowledge
>> about the sequence changes involved here (my understanding of PAM is
>> fairly superficial, and also outdated). Are you confident enough about
>> your theory to reassign this bug to PAM?
>
> No... it's possible that the session module is not getting invoked for
> some reason. I think the key missing bit of information is what's
> different about your system, since I don't think this is happening to
> everyone. I think there must be something about your system that's
> tickling the bug, and that would probably point to the problem package.
>
> Do you have any unusual or non-default PAM configuration? Also, how are
> your supplemental groups managed; is it all in /etc/group, or are you
> using LDAP or some other system?
I'm fairly certain that NIS is the differentiating factor here, it's quite
rare these days. I see the problem on all three NIS using machines I have
upgraded to squeeze and on none of the ones that don't have NIS.
The PAM configuration itself is at defaults, as is the sshd config.
--
Arto Jantunen
Reply to: