On 06/08/2011 07:48 PM, Steven Jones wrote: > Hi, > > nsswitch atatched. > > Which pam files?
The pam configuration files. On my RHEL6 it is in /etc/pam.d/system-auth which is usually a link to a file in the same directory. I think in 5.6 is it similar. I do not have 5.6 machine handy to check. > regards > ________________________________ > From: [email protected] [[email protected]] on > behalf of Dmitri Pal [[email protected]] > Sent: Thursday, 9 June 2011 11:32 a.m. > To: [email protected] > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > On 06/08/2011 06:57 PM, Steven Jones wrote: > > Attached are F15 adnd RHEL5.6 conf scripts. > > > You have not attached pam configurations and nsswitch for 5.6. > > regards > ________________________________________ > From: > [email protected]<mailto:[email protected]> > [[email protected]<mailto:[email protected]>] > on behalf of Steven Jones > [[email protected]<mailto:[email protected]>] > Sent: Thursday, 9 June 2011 10:31 a.m. > To: [email protected]<mailto:[email protected]> > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > Hi, > > These files/clients have all been configured by the ipa-client-install > script, so any settings are standard, I have modified nothing. > > So when I built all 3 client/workstations I made a default user jonesst1 at > build time with password 1 and its the same across all three. > > So in the freeipa server I set password2 for jonesst1 which is different so I > know that I am getting a centralised login....really basic stuff. > > So then using the ipa-client-install script I joined them each in turn to > IPA....for F15 and 6.1 clients they now accept the IPA password2 without an > issue...for RHEL 5.6 it initially asked to reset the password....and I only > had 1 hour......later logins are fine. > > So my use case is nothing more than a simple centralised login...... > > regards > > ________________________________________ > From: > [email protected]<mailto:[email protected]> > [[email protected]<mailto:[email protected]>] > on behalf of Dmitri Pal [[email protected]<mailto:[email protected]>] > Sent: Thursday, 9 June 2011 8:56 a.m. > To: [email protected]<mailto:[email protected]> > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > On 06/08/2011 04:04 PM, Steven Jones wrote: > > > Hi, > > Can you fix 5.6 so it runs the ipa-client-install script the same way then > please? because running the same command giving differing results seems > strange....unless you are telling me its simply the way rhel5.6 will work? > > > Well the problem is that SSSD is not in 5.6 by default. ipa-client on > 5.6 configures LDAP+Kerberos. In fedora there is SSSD and it is > configured. In 5.7 there will be a new ipa-client that will act in the > same way as in RHEL 6 or Fedora. > > But the expectation is that they should act in the same way now. But > apparently there is some difference. > > We need to understand exactly what is your use case. > What is configured in your nsswitch and pam config on RHEL and Fedora? > And if in one case it is SSSD and not in the other we need to see SSSD > configuration and LDAP and Kerberos configuration files. > > > > > regards > > Steven > ________________________________________ > From: > [email protected]<mailto:[email protected]> > [[email protected]<mailto:[email protected]>] > on behalf of Dmitri Pal [[email protected]<mailto:[email protected]>] > Sent: Thursday, 9 June 2011 5:00 a.m. > To: [email protected]<mailto:[email protected]> > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > On 06/07/2011 10:36 PM, Steven Jones wrote: > > > Logging into the F15 client and I just login with the ldap password... > > If I try the same thing with RHEL5.6 I get told I have one hour to password > expiry.... > > I'd like it to do one or other across platforms....and be able to set this > behaviour, per user....or not at all. > > > > This is probably because in one case you log using LDAP password and in > another as Kerberos credential. The underlying password string is the > same but other properties like expiration are different as you see. > To have the consistent experience configure both systems to use same > type of the credential. > > > > > regards > > Steven > > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/> > > > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/> > > > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/> > > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
