We have a new rstudio server that we'd like to have FreeIPA manage Auth on.
sssd works - I can login with my appropriate credentials via cli, but the
web interface doesn't accept the creds.
I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service
but we don't want to create a HBAC service - we aren't having much luck
with HBAC anyway (still working on that) but we also want all users to have
access to this web app.
The original /etc/pam.d/rstudio looks like:
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_unix.so nodelay
account required pam_unix.so
I've changed it to look like:
auth required pam_sss.so
account required pam_sss.so
This works - but does it create any other security issues?
The most dangerous phrase in the language is, "We've always done it this
- Grace Hopper
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project