On (01/02/16 16:53), Magnus Therning wrote:
To configure my system I've followed the instructions at [1] but there
are two things not quite right:
1. All normal local users (i.e. not /root/) get prompted twice at login.
My testing shows that it's only the 2nd time the password must be
correct.
2. I can't use ~su~ to become root (though =sudo= works, so it's not the
end of the world).
My PAM-fu is rather limited, so I don't even know where I should start
looking to fix this. Maybe someone on this list can see right away
what's wrong with those instructions, or at least can offer me a pointer
on where to turn to figure it out?
/M
[1]:
https://wiki.archlinux.org/index.php/LDAP_authentication#Online_and_Offli...
You might inspire in fedora system-auth
Thanks a lot!M-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3
authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
Nick
>--
>Magnus Therning, magnus.therning(a)cipherstone.com
>Cipherstone Technologies AB
>Theres Svenssons gata 10, 417 55 Gothenburg, Sweden
>
>Sometimes I wonder whether the world is being run by smart people who
>are putting us on or by imbeciles who really mean it.
> -- Mark Twain
>Clearly, it's the imbeciles. And they really mean it.
> -- DBT
>_______________________________________________
>sssd-users mailing list
>sssd-users(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org