On Tue, Oct 17, 2017 at 05:15:08PM -0400, Asif Iqbal wrote:
> I set up sssd to log in with 2 factor auth and it works fine, and then I
> am failing to sudo with ldap even though id_provider is ldap.
>
> Here is the log from sssd_LDAP when running sudo -s:
> http://dpaste.com/36PTMS0.txt
>
> Here is the relevant config:
>
> [domain/LDAP]
> chpass_provider = krb5
> access_provider = ldap
> id_provider = ldap
> ...
> auth_provider = proxy
> proxy_pam_target = securid
> ..
>
> There is no sudo_* in here
>
> sudo -s works if I use the auth provider, which is 2FA. So it seems like
> sudo auth follows whatever auth_provider is set to?
>
> Can I have ssh login with proxy as auth provider and sudo login with ldap
> as auth provider?
>
> I know both ssh and sudo login work with ldap and krb5, but I need to have
> the ssh login with 2FA in my env.
>
> Thanks for your help

The only way I can think of solving this is to configure two [domains]
in sssd.conf and use fully qualified names, e.g. user@otpdomain and
user@ldapdomain.
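
A sketch of the two-domain layout suggested in the reply, added here as an illustration and not taken from either poster's configuration. The section names otpdomain and ldapdomain come from the reply; the elided ldap_*/krb5_* options are assumed to be copied unchanged from the existing [domain/LDAP] section.

```ini
# Added example: two SSSD domains over the same directory, differing only
# in auth_provider. Comments must be on their own lines in sssd.conf.
[sssd]
domains = otpdomain, ldapdomain
# other [sssd] options stay as they are

[domain/otpdomain]
# Authentication goes through the PAM proxy target (2FA), as in [domain/LDAP]
id_provider = ldap
access_provider = ldap
chpass_provider = krb5
auth_provider = proxy
proxy_pam_target = securid
use_fully_qualified_names = True
# ... remaining ldap_*/krb5_* options copied from [domain/LDAP]

[domain/ldapdomain]
# Same identity source, but authentication is done against LDAP
id_provider = ldap
access_provider = ldap
chpass_provider = krb5
auth_provider = ldap
use_fully_qualified_names = True
# ... same ldap_*/krb5_* options as above
```

With use_fully_qualified_names set, each domain only answers for names that carry its suffix, so user@otpdomain is authenticated by the proxy target and user@ldapdomain by LDAP.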