Hi,
I just used the default pam stack that came with a fresh install and added the lines
needed to get sssd to work (since i am really not familar with the inner working of pam).
I don't see anything in my pam stack that is
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session optional pam_krb5.so minimum_uid=1000
session optional pam_mkhomedir.so
session required pam_unix.so
session optional pam_sss.so
session optional pam_systemd.so
________________________________________
From: Jakub Hrozek <jhrozek(a)redhat.com>
Sent: Friday, December 16, 2016 12:12 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: logging into machine with AD credentials for the first time
On Fri, Dec 16, 2016 at 04:18:04PM +0000, Thomas Beaudry wrote:
Hi Jakub,
But none of my users is a group of nopasswdlogin
Then why is there pam_succeed_if set up this way in the pam stack?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org