We have a new rstudio server that we'd like to have FreeIPA manage Auth on.

sssd works - I can login with my appropriate credentials via cli, but the
web interface doesn't accept the creds.

I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service
but we don't want to create a HBAC service - we aren't having much luck
with HBAC anyway (still working on that) but we also want all users to have
access to this web app.

The original /etc/pam.d/rstudio looks like:

auth      requisite      pam_succeed_if.so uid >= 500 quiet
auth      required       pam_unix.so nodelay

account   required       pam_unix.so

I've changed it to look like:

auth      required       pam_sss.so

account   required       pam_sss.so

This works - but does it create any other security issues?


The most dangerous phrase in the language is, "We've always done it this

- Grace Hopper
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to