URL: https://github.com/SSSD/sssd/pull/241 Title: #241: FleetCommander Integration
jhrozek commented: """ On Fri, Aug 18, 2017 at 09:26:14AM +0000, Pavel Březina wrote:
I just briefly read the code, haven't tried it.
@@ -126,10 +126,9 @@ static void choose_target(struct data_provider *provider, name = "PAM Chpass 2nd"; break; case SSS_PAM_OPEN_SESSION: - target = DP_TARGET_SENTINEL; - method = DP_METHOD_SENTINEL; + target = DPT_SESSION; + method = DPM_SESSION_HANDLER; name = "PAM Open Session"; - pd->pam_status = PAM_SUCCESS; break; ... /* Check that target is configured. */ if (target != DP_TARGET_SENTINEL && !dp_target_enabled(provider, NULL, target)) { target = DP_TARGET_SENTINEL; method = DP_METHOD_SENTINEL; pd->pam_status = PAM_MODULE_UNKNOWN; }
What happens here if session provider is not set? With this patch we return `PAM_MODULE_UNKNOWN` but it was `PAM_SUCCESS` before. Doesn't this cause any kind of problem?
I don't follow. The IPA session provider is enabled by default (all providers except access are derived from the id_provider).
Setting session_provider = none gives me: ``` (Fri Aug 18 10:21:17 2017) [sssd[be[ipa.test]]] [dp_req_reply_gen_error] (0x0080): DP Request [PAM Open Session #13]: Finished. Target is not supported with this configuration. pam_dp_send_req returned 0 (Fri Aug 18 10:21:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0010): Reply error. (Fri Aug 18 10:21:17 2017) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. ```
Which, except the reply error is also expected, right?
"""
See the full comment at https://github.com/SSSD/sssd/pull/241#issuecomment-323317998