PAM is working fine, as long as it's checking users' passwords correctly. Your problem was only because of the userdb, and changing that to ldap should fix it.
I just looked at libnss-ldap code. It seems to be using threads, which makes it even more likely to be the source of your problems. Perhaps someone should tell them (or RH bugzilla) about this bug and see what they say..
On Thu, 2005-03-03 at 10:14 -0800, Josh Burley wrote:
Ah, I misunderstood the comment, then.
Yes, nsswitch is set up to use ldap. Do you think that switching from pam to ldap might help with this problem?
It's a Fedora Core 3 machine.
Timo Sirainen wrote:
On Thu, 2005-03-03 at 10:05 -0800, Josh Burley wrote:
Good question, eh? I thought the same when I went back and read the comments about the UID.
But, it *was* working. For a few weeks (we did the upgrade about three weeks ago). Only about 30 users in /etc/passwd, but over 300 in LDAP.
"passwd" actually doesn't mean /etc/passwd, but using getpwnam() function. That then uses /etc/nsswitch.conf and whatever configuration to figure out where to look up the users, which may end up using LDAP as well. Sounds like your system is configured this way, and sounds like the bug is in the LDAP NSS module.
What OS/distibution is this?