On Fri, 26 Sep 2014, Joakim Tjernlund wrote:
Possibly one can do that, but this is just a bad workaround for a
assumption in SSSD, namly that there can not be any system out there who
would like to auth "root" with SSSD.
You're a corner case that goes against normal practice, so any workaround is
fine, however grim. You can use .k5login/ssh keys/sudo and get to a better
place than you're aiming for with this solution, and you don't have to modify
sssd and pam to work in non standard, and most likely non-LSB compliant ways
to make it work.