Fedora 8, NIS (or LDAP), and “gdmgreeter”

One major issue with Fedora 8 in shops that use a network user repository like NIS or LDAP is “gdmgreeter” breaks (note “gdmgreeter” is the Fedora replacement for XDM). The symptom is X11will fail repeatedly and not come up. In that case you will also see errors like this in “/var/log/messages”:

What is going on here is that by default on Fedora 8, “gdmgreeter” wants to iterate all the possible users on the system to offer them up on the “greeter” window. Unfortunately it seems to have a bug and when you’re using something like NIS or LDAP as your authentication store, it blows up. My guess is that it has a finite array for storing the user list and doesn’t do bounds checking.

Regardless it doesn’t really matter why. The solution is you have to go into the “gdmgreeter” configs and disable this new functionality. However, that isn’t very simple because to do so you need to get the “gdmgreeter” control panel up, and to do that you need X11 up and of course you can’t get X11 up with this broken.

The answer is to temporarily disable NIS/LDAP support in the “/etc/nsswitch.conf” by changing the “passwd” entry to just read “files”, eg:

Then restart the computer (or “telenit 3” followed by “telenit 5” to switch out and back into graphical mode). This will at least let you log in under X11 (though you’ll probably have to do it as “root” since you’ve removed the network authentication option from “nsswitch.conf”).

Once logged in, assuming you are using Gnome not KDE, start the menu item:

System / Administration / Login Window

Select the “Users” tab and deselect the checkbox for:

the select “Close”. After that is done you can re-add back the NIS/LDAP “nsswitch.conf” entry, eg:

Note that I have no idea why having an option labeled “Include all users from /etc/passwd (not for NIS)” checked would in fact turn on the NIS when it seems to clearly imply that that’s exactly what it does not do by the text, but in opposite world apparently it does.

Oh well, we all make mistakes. Hope that helps.


Leave a Reply

Your email address will not be published. Required fields are marked *