URL:
https://github.com/SSSD/sssd/pull/911
Title: #911: Update pam_sss.8.xml
mzidek-rh commented:
"""
Here are my comments for each entry you added:
- PAM_SUCCESS - OK
- PAM_USER_UNKNOWN - ... or the SSSD's PAM responder is not running.
- PAM_IGNORE - Simply write "See options ignore_unknown_user and
ignore_authinfo_unavail."
- PAM_AUTHTOK_ERR - I think this is OK... maybe add that it could be returned also when
user authenticates with certificates and multiple certificates are available but installed
version of gdm does not support selection from multiple certificates.
- PAM_AUTHINFO_UNAVAIL - OK (I think)
- PAM_BUF_ERR - Ok, but also add that this could be returned also when options
use_first_pass or use_authtok were set, but no password from previously stacked pam module
was found."
- PAM_SYSTEM_ERR - OK
- PAM_CRED_ERR - OK
- PAM_CRED_INSUFFICIENT Ok, but add "For example missing PIN during smartcard
authentication or missing factor during 2-factor authentication."
```
I hope it is understandable. Ask if something is not clear.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/911#issuecomment-545645733