On 04/05/2013 05:22 AM, Jakub Hrozek wrote:
Hi,
are you using pam_krb5 along with SSSD authentication? Is there a reason
not to use pam_sss.so ?
In general I would not recommend configuring the PAM stack yourself but
rather let authconfig do the job. This call would let authconfig
generate /etc/nsswitch.conf /etc/pam.d/system-auth and
/etc/pam.d/password-auth but would let you keep using the sssd.conf:
authconfig --enablesssdauth --enablesssd --update
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users I used the authconfig
command on my Fedora laptop, but I'm not certain I
did so on the RHEL workstation.
I have both lines in system-auth and password-auth:
auth sufficient pam_sss.so use_first_pass
auth sufficient pam_krb5.so use_first_pass
...
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
...
password sufficient pam_sss.so use_authtok
password sufficient pam_krb5.so use_authtok
...
session optional pam_sss.so
session optional pam_krb5.so
On my workstation, I had only the pam_sss.so lines, and GDM logins were
not working; after adding the pam_krb5.so lines to match my laptop, GDM
logins worked for the first time.
/Harry