URL:
https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration
jhrozek commented:
"""
On Fri, Aug 18, 2017 at 09:26:14AM +0000, Pavel Březina wrote:
I just briefly read the code, haven't tried it.
```c
@@ -126,10 +126,9 @@ static void choose_target(struct data_provider *provider,
name = "PAM Chpass 2nd";
break;
case SSS_PAM_OPEN_SESSION:
- target = DP_TARGET_SENTINEL;
- method = DP_METHOD_SENTINEL;
+ target = DPT_SESSION;
+ method = DPM_SESSION_HANDLER;
name = "PAM Open Session";
- pd->pam_status = PAM_SUCCESS;
break;
...
/* Check that target is configured. */
if (target != DP_TARGET_SENTINEL
&& !dp_target_enabled(provider, NULL, target)) {
target = DP_TARGET_SENTINEL;
method = DP_METHOD_SENTINEL;
pd->pam_status = PAM_MODULE_UNKNOWN;
}
```
What happens here if session provider is not set? With this patch we return
`PAM_MODULE_UNKNOWN` but it was `PAM_SUCCESS` before. Doesn't this cause any kind of
problem?
I don't follow. The IPA session provider is enabled by default (all
providers except access are derived from the id_provider).
Setting session_provider = none gives me:
```
(Fri Aug 18 10:21:17 2017) [sssd[be[ipa.test]]] [dp_req_reply_gen_error]
(0x0080): DP Request [PAM Open Session #13]: Finished. Target is not
supported with this configuration.
pam_dp_send_req returned 0
(Fri Aug 18 10:21:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0010):
Reply error.
(Fri Aug 18 10:21:17 2017) [sssd[pam]] [filter_responses] (0x0100):
[pam_response_filter] not available, not fatal.
```
Which, except the reply error is also expected, right?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/241#issuecomment-323317998