nis 설치 후 PAM이 손상되는 이유는 무엇입니까?

저는 시스템 관리 경험이 있는 소프트웨어 엔지니어이며 현재 이전에는 Windows 인프라만 있었던 새로운 작업장에서 일부 Linux 인프라를 설정하려고 합니다. 정치적인 이유로 현재 Active Directory 설정과 단순히 통합할 수 없었고 처음부터 시작해야 했습니다. 저는 데비안을 사용하고 있습니다.

현재 kerbos, ldap, nfs 및 nis를 설정하려고 합니다. 서버가 올바르게 설정되어 있고 Kerberos를 사용하여 로그인을 테스트했으며 nis 클라이언트가 서버와 계속 통신하고 NFS 드라이브도 마운트할 수 있으므로 모든 것이 잘 작동한다고 생각합니다.

클라이언트에 nis를 설치한 이후로 복구 모드로 부팅하지 않으면 루트 계정으로 로그인조차 할 수 없습니다.

하루 반 동안 이 문제를 해결하려고 노력했지만 아이디어가 없습니다.

pam이 다음으로 출력하기 때문에 이것이 문제라고 생각합니다./var/log/auth.log

lightdm: PAM (other) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) no module name supplied
lightdm: PAM (other) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
systemd-logind[667]: New session c1 of user lightdm.
systemd: PAM (other) illegal module type: passwd:
systemd: PAM pam_parse: expecting return value; [...compat]
systemd: PAM (other) illegal module type: group:
systemd: PAM pam_parse: expecting return value; [...compat]
systemd: PAM (other) illegal module type: shadow:
systemd: PAM pam_parse: expecting return value; [...compat]
systemd: PAM (other) illegal module type: gshadow:
systemd: PAM pam_parse: expecting return value; [...files]
systemd: PAM (other) no module name supplied
systemd: PAM (other) illegal module type: hosts:
systemd: PAM pam_parse: expecting return value; [...files]
systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
lightdm: PAM (lightdm) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (lightdm) no module name supplied
lightdm: PAM (lightdm) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) no module name supplied
lightdm: PAM (other) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (lightdm) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (lightdm) no module name supplied
lightdm: PAM (lightdm) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) no module name supplied
lightdm: PAM (other) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: pam_krb5(lightdm:auth): user billy authenticated as billy@PROPACK
lightdm: PAM (lightdm) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (lightdm) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (lightdm) no module name supplied
lightdm: PAM (lightdm) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) illegal module type: passwd:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: group:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: shadow:
lightdm: PAM pam_parse: expecting return value; [...compat]
lightdm: PAM (other) illegal module type: gshadow:
lightdm: PAM pam_parse: expecting return value; [...files]
lightdm: PAM (other) no module name supplied
lightdm: PAM (other) illegal module type: hosts:
lightdm: PAM pam_parse: expecting return value; [...files]

왜 그런지 잘 모르겠습니다. 이 모든 것은 클라이언트가 nis 패키지를 설치한 후에 시작되었지만 출력으로 판단하면 nis가 서버와 통신하고 있기 때문에 문제가 아닌 것 같습니다.systemctl status nis

systemd[1]: Starting LSB: Start NIS client and server daemons....
nis[1348]: Setting NIS domainname to: domain.
nis[1348]: Starting NIS services: ypbind.
systemd[1]: Started LSB: Start NIS client and server daemons..

nis도 제거했는데(부팅 시 nis가 설치되었기 때문에) 재부팅 후에도 문제가 지속되었습니다.

nis 종속성을 확인했지만 왜 이런 일이 발생하는지 이해할 수 없습니다. 나는 Pam이 내 /etc/nsswitch.conf파일을 분석하고 있다고 생각합니다. 필요한 경우 아래에서 볼 수 있습니다.

passwd:         compat files systemd nis
group:          compat files systemd nis
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

이 문제를 디버깅하는 데 도움이 되는 추가 정보가 필요한 경우 알려주시기 바랍니다.

편집하다:

/etc/pam.d/other콘텐츠:

#
# /etc/pam.d/other - specify the PAM fallback behaviour
#
# Note that this file is used for any unspecified service; for example
#if /etc/pam.d/cron  specifies no session modules but cron calls
#pam_open_session, the session module out of /etc/pam.d/other is
#used.  If you really want nothing to happen then use pam_permit.so or
#pam_deny.so as appropriate.

# We fall back to the system default in /etc/pam.d/common-*
# 

@include common-auth
@include common-account
@include common-password
@include common-session

/etc/pam.d/lightdm콘텐츠:

#%PAM-1.0

# Block login if they are globally disabled
auth      requisite pam_nologin.so

# Load environment from /etc/environment and ~/.pam_environment
session      required pam_env.so readenv=1
session      required pam_env.so readenv=1 envfile=/etc/default/locale

@include common-auth

-auth  optional pam_gnome_keyring.so

@include common-account

# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close

session  required        pam_limits.so
session  required        pam_loginuid.so
@include common-session

# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)

-session optional        pam_gnome_keyring.so auto_start

@include common-password

/etc/pam.d/common-session요청대로

#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1]         pam_permit.so
# here's the fallback if no module succeeds
session requisite           pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
session optional            pam_krb5.so minimum_uid=1000
session required    pam_unix.so 
session optional            pam_sss.so 
session optional            pam_ldap.so 
session optional    pam_systemd.so 
# end of pam-auth-update config

passwd:         compat systemd nis
group:          compat systemd nis
shadow:         compat nis
gshadow:        files

hosts:          files dns nis

고쳐 쓰다 @Michael Ströder가 제안한 대로 sssd로 전환했지만 아무 것도 바뀌지 않았습니다.