Date: Sun, 6 Feb 2005 14:22:03 -0800 From: Andrew Konstantinov <andrei@kableu.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-stable@freebsd.org Subject: Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root' Message-ID: <20050206222203.GA63042@warrior.kableu.com> In-Reply-To: <Pine.BSF.4.53.0502062055360.845@e0-0.zab2.int.zabbadoz.net> References: <20050130084359.GA36069@warrior.kableu.com> <20050202070820.GA26302@warrior.kableu.com> <20050206061245.GA1774@warrior.kableu.com> <20050206090524.GA79029@warrior.kableu.com> <20050206205207.GA764@warrior.kableu.com> <Pine.BSF.4.53.0502062055360.845@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 06, 2005 at 09:07:38PM +0000, Bjoern A. Zeeb wrote: > On Sun, 6 Feb 2005, Andrew Konstantinov wrote: >=20 > > On Sun, Feb 06, 2005 at 12:29:23PM -0800, Doug White wrote: > > > On Sun, 6 Feb 2005, Andrew Konstantinov wrote: > > > > > > > *Possible* exact reproduction steps: > > > > - install RELENG_5 > > > > - rebuild RELENG_5 with "NO_NIS=3Dtrue" in /etc/make.conf > > > > - restart sshd service > > > > > > Sorry, no dice. I had to set "PermitRootLogin yes" in > > > /etc/ssh/sshd_config but logging in as root with password succeeds wi= th no > > > login class warning. Upgraded from a RELENG_5 from yesterday to one a= bout > > > 90 minutes old. > > > > > > What is the contents of /etc/nsswitch.conf? bz is telling me that if = you > > > still have 'nis' in the lines in nsswitch and you compile with NO_NIS= that > > > you'll get wierd user lookup errors. > > > > > > Also what are the contents of /etc/make.conf? > > > > #--- The nsswitch.conf: > > group: compat > > group_compat: nis > > hosts: files dns > > networks: files > > passwd: compat > > passwd_compat: nis > > shells: files > > #---------------------- > > > > Hmm, I completely forgot about that one. :( I guess 'nis' should have b= een > > switched to 'files' whenever system is compiled with "NO_NIS=3Dtrue". >=20 > it's not documented - sorry, will do that. >=20 > change it to sth like: >=20 > group: files > hosts: files dns > networks: files > passwd: files > shells: files >=20 > w/o this change I can see sth like this when doing passwd auth: >=20 > 'sshd[1995]: NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, n= ot found' >=20 > But I suspect this will not help with your problem. Actually, that solves all the problems. Once I switched to your version of nsswitch.conf, all the "unknown class" bugs and multiple logging events have disappeared. > Did you change your login.conf? I always used the one that FreeBSD suplies, without any modifications. I ev= en copied it from /usr/src/ multiple times and rebuilt the database from it to ensure that it's not some sort of filesystem glitch. > Could you mail me (private mail please) the library with which you can > see the problems? libc.so.5 with debug symbols is on its way to bz@ As a sidenote: I definitely agree that it should be documented. Also, it's = my personal opinion, but perhaps its better to switch the default nsswitch.conf file to the one that doesn't contain "nis" as a lookup mechanism. It's much easier to add to the "NIS/YP" section in the handbook couple lines that tell the reader to modify /etc/nsswitch.conf to accomodate "NIS/YP" than documen= ting (I can't think of any appropriate section) that whenever a system is built = with "NO_NIS=3Dtrue" in the make file, the user should modify the /etc/nsswitch.= conf to accomodate the change. I realized that it's entirely my fault for not looking forward to the impact of "NO_NIS=3Dtrue", but still, I consider the= above described approach better. Andrew --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCBpiLg+6MtxSjexcRAgyGAKCRJSISbcotte/VXLI5U/ALcgIXggCfQj0s GJZMNhS3A6L3SwwFrwqAGz4= =lzBx -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050206222203.GA63042>