As an ex-Windows admin, wrapping my head around PAM/SSSD has been quite tough!
I have successfully managed to get pam_sss working with:
- login for a specific application, RStudio Server (/etc/pam.d/rstudio)
- containerized Ubuntu
- LDAP/krb5 auth
- against Microsoft Active Directory
- without domain join realmd. (so all hand-configured. ouch)
The problem is with reuse of the ticket. I can't work out how it works.
I would like to configure pam_mount and ODBC to use the same Kerberos
ticket that was generated by the pam_sss modules.
pam_sss creates a ticket with the following naming which *cannot be used by
the "mount" command*:
However, if I manually use kinit, it creates a ticket with the naming below,
which *can be easily reused from the "mount" command*:
The naming that pam_sss uses seems to be standard, but again I just can't
work out how that should be "discoverable" by any other services looking
for a ticket, when it has the wrong naming.
This seems to be where the pam_sss naming is defined - by a build flag
I want to integrate it into pam_mount to mount a CIFS drive, which (I
think) is SMB so will be able to use the cifs.upcall library.
And the way cifs.upcall resolves tickets is somewhere here in
I also want to get the MSSQL ODBC driver to use the ticket as well...