On Sat, Aug 25, 2012 at 1:01 AM, Chris Hartman <qrstuv(a)gmail.com> wrote:
OS: Fedora 17
Using the compiled source from the git repo, I'm having trouble getting
users to authenticate via PAM with the pam_sss.so module.
I can do ID lookups, enumerate user information, and "pam_test_client"
returns successful for all cases, but when logging in via SSH or through the
TTY, I get authentication failure. As an already-authenticated local user,
su commands/password auth work.
This problem persists despite pam_sss.so's order in the stack or its
control. Examining the logs, I don't see any error messages from pam_sss.
Do you see pam_sss being contacted at all? If so, are there any log
messages in /var/log/sss/sssd_pam.log (provided you set debug_level to
the [pam] section) ?
When installed from the repos, SSSD performs as expected.
What was the version that worked for you from the repos? I suspect
SELinux might be causing trouble, because the 1.9 pre-release you
checked out from git contains a number of features that needed
tweaking the SELinux policy. Make sure you are running at least
selinux-policy-3.10.0-146 if you are running in the Enforcing mode.
This version is currently in updates-testing for F17, see:
I'd like to contribute to the project but thought it'd be a
good idea to get
a system up and running with the unaltered source, first. Thanks.
Sure, having a working baseline is important.
The SSSD wiki contains a number of tips tutorials that might be helpful:
Thank you for your interest in the SSSD!