Unfortunately, putting that line in /etc/pam.d/system prevents me from being able to locally login to the BSD client. At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login doesn't give unexpected behaviours.
Bug, bug, bug...

17-Oct-14 14:15, Lukas Slebodnik пишет:
I would reccomend to have next line in /etc/pam.d/system and /etc/pam.d/sshd.
Without this line, access control will not work. (HBAC)
account required /usr/local/lib/pam_sss.so ignore_unknown_user 
ignore_authinfo_unavail

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to