Yes, we are trying to figure out why IPA users are not being handled properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding pam_permit.so to the stack, will never work because Solaris does not include pam_permit.so.
so therefore
2. I had to come up with some different way to troubleshoot how or why FreeIPA authorization is failing.
so therefore
3. Lacking the module you suggested, I chose an alternative approach : put the pam configuration to a default and prove that no logins were broken
and once the basic pam configuration was proven then I had to :
4. I added the freeIPA components (kerberos) until something broke. In this case, the ipa users were never able to login, so stating that adding kerberos broke the whole pam stack so that not even a regular user could login should have been a useful troubleshooting step.


So... perhaps you could answer one of 2 things
1. how do I troubleshoot a Solaris system without pam_permit.so?
and
2. why would adding kerberos in the exact way that the manual stated break my whole pam stack so that both regular users and freeipa users could not login?

-----Original Message----- From: Dmitri Pal
Sent: Thursday, February 26, 2015 2:12 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [Solaris 10] Cannot login through console or ssh with ipa users
root is not an ipa managed user so it is purely your pam configuration.
I thought we were trying to figure out why your ipa users are not
handled properly.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to