On 7/8/2022 6:57 AM, Jeffrey E Altman wrote:
Use of the RHEL7 pam_krb5 on a sssd enabled system will do the wrong thing since its going to step on the toes of sssd's Kerberos ticket processing.
Only if you let sssd touch Kerberos. There are any number of reasons not to let it do so (no clue if the KRB5 and LDAP problems are fixed in later versions, but the EL8 code was written by crazed weasels on crack). But I'd use Russ' pam_krb5 instead of one from EL7 (https://www.eyrie.org/~eagle/software/pam-krb5/pam-krb5.html), which would probably require you use pam_afs_session as suggested (unless I'm missing something in the docs, which is very possible).
-- Carson _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
