Hello,

I have a problem with HBAC rules in conjunction with PAM authentication. What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) - FreeIPA. It works just fine but without checking HBAC rules.

What I did:
- disabled allow_all rule
- created new rule with one user and one service (tac_plus)

And then, if I try to authenticate another user which is not in the above rule then authentication is accepted and this user gets logged in. In logs, what I didn't find is any information about checking HBAC rules...

Of course, when I use HBAC Test then everything is correct - one user is granted and another is declined.

# cat /etc/pam.d/tac_plus
auth required pam_sss.so
account required pam_sss.so

Did I miss something?

Thanks,
Bartek Witkowski
