On Thu, 25 Sep 2014, Joakim Tjernlund wrote:
> Yes, it is "my" job, not sssd's. Currently sssd dictates that no system
> ever should be allowed to log in as root, no matter what.

SSSD dictates that no system should be allowed to log in as root via SSSD, and
that's not quite the same. You're a corner case where you're working against
standard practice, but I can see why you think it should be possible to
configure SSSD to allow it, given that you can strip away these sanity checks
from PAM.
jh