On Thu, 2012-11-29 at 20:55 -0500, 小龙 陈 wrote:

> And PAM is working!


> I've just finished a helper for setting up NSS and PAM for sssd. It
> basically does the following:
> 1. Looks for 'passwd', 'shadow', 'group', 'services', 'netgroup', and
> 'automount'
> in /etc/nsswitch.conf and adds 'sss' to it.

SSSD does not provide a shadow map so you shouldn't ad sss to shadow. It
will do no harm though, it will just be a noop.

> 2. Looks for pam_unix.so in every file in /etc/pam.d/, changes
> 'required'
> to 'sufficient', and adds an 'include' line for 'sss' right below
> itq. /etc/pam.d/sss
> contains the pam_sss.so lines.
> So far, I've tested sudo and su, and both are working :)
> Here's a link to the script:
> https://github.com/chenxiaolong/ArchLinux-Packages/blob/master/freeipa/sss-auth-setup.py
> If someone is bored, I'd appreciate it if he/she would take a look at
> it
> for glaring issues.

Cool stuff, I do not know Arch Linux default PAm stack configuration so
I can;t tell with certainty that the replace you make is perfect, but I
do not see anything stunningly bad.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to