Hi, We have a new rstudio server that we'd like to have FreeIPA manage Auth on.
sssd works - I can login with my appropriate credentials via cli, but the web interface doesn't accept the creds. I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service but we don't want to create a HBAC service - we aren't having much luck with HBAC anyway (still working on that) but we also want all users to have access to this web app. The original /etc/pam.d/rstudio looks like: #%PAM-1.0 auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_unix.so nodelay account required pam_unix.so I've changed it to look like: #%PAM-1.0 auth required pam_sss.so account required pam_sss.so This works - but does it create any other security issues? cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project