> Subject: Re: [Freeipa-users] FreeIPA manual PAM setup help
> From: s...@redhat.com
> To: chillermillerl...@hotmail.com
> CC: jhro...@redhat.com; firstname.lastname@example.org
> Date: Thu, 29 Nov 2012 21:08:02 -0500
> On Thu, 2012-11-29 at 20:55 -0500, 小龙 陈 wrote:
> > And PAM is working!
> > I've just finished a helper for setting up NSS and PAM for sssd. It
> > basically does the following:
> > 1. Looks for 'passwd', 'shadow', 'group', 'services', 'netgroup', and
> > 'automount'
> > in /etc/nsswitch.conf and adds 'sss' to it.
> SSSD does not provide a shadow map so you shouldn't add sss to shadow. It
> will do no harm though, it will just be a noop.
I see. I'll remove that part. I just saw that Fedora's authconfig adds it
> > 2. Looks for pam_unix.so in every file in /etc/pam.d/, changes
> > 'required'
> > to 'sufficient', and adds an 'include' line for 'sss' right below
> > it. /etc/pam.d/sss
> > contains the pam_sss.so lines.
> > So far, I've tested sudo and su, and both are working :)
> > Here's a link to the script:
> > https://github.com/chenxiaolong/ArchLinux-Packages/blob/master/freeipa/sss-auth-setup.py
> > If someone is bored, I'd appreciate it if he/she would take a look at
> > it
> > for glaring issues.
> Cool stuff, I do not know Arch Linux default PAM stack configuration so
> I can't tell with certainty that the replace you make is perfect, but I
> do not see anything stunningly bad.
Thanks for taking a look at the script!
I'm having some ssh issues now, unfortunately. Password authentication works
fine, but GSSAPI doesn't. The client always fails "Connection closed by UNKNOWN"
Interestingly enough, the server logs nothing (with GSSAPI) unless I set it to
Anyways, I'll have to look at this tomorrow. I'm not going to finish my
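
The nsswitch.conf step described in the message above, with the reply's advice to leave `shadow` alone, as an added Python example. It is not part of the thread and is not the code of the linked sss-auth-setup.py; the name `add_sss` and the sample file are constructed for illustration.

```python
import re

# Databases named in the post, minus 'shadow': per the reply, SSSD provides
# no shadow map, so adding 'sss' there would only be a no-op.
SSS_DATABASES = ("passwd", "group", "services", "netgroup", "automount")

# indent, database name, separator, source list, optional trailing comment
_ENTRY = re.compile(r"^(\s*)([A-Za-z_]+)(\s*:\s*)([^#\n]*?)\s*(#.*)?$")

def add_sss(conf_text, databases=SSS_DATABASES):
    """Return (new_text, changed) where 'sss' is appended to each listed
    database line that lacks it. Comment lines, other databases and lines
    that already name 'sss' are left byte-for-byte intact (idempotent)."""
    out, changed = [], []
    for line in conf_text.splitlines():
        m = _ENTRY.match(line)
        if m and m.group(2) in databases:
            indent, db, sep, sources, comment = m.groups()
            tokens = sources.split()
            if "sss" not in tokens:
                tokens.append("sss")
                if not sep[-1].isspace():   # e.g. "automount:" with no sources
                    sep += " "
                line = f"{indent}{db}{sep}{' '.join(tokens)}"
                if comment:
                    line += f"  {comment}"
                changed.append(db)
        out.append(line)
    tail = "\n" if conf_text.endswith("\n") else ""
    return "\n".join(out) + tail, changed

# Constructed sample input, not taken from any real system.
SAMPLE = """\
# constructed nsswitch.conf
passwd: files
shadow: files
group:  files   # local groups
hosts: files dns
services: files sss
#netgroup: nis
automount:
"""

if __name__ == "__main__":
    new_text, changed = add_sss(SAMPLE)
    print(new_text, end="")
    print("changed:", ", ".join(changed))
```

Running the function on a copy of the file and diffing the result before writing it back keeps the change reviewable.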