IPA clients (RHEL, CentOS and Unbuntu 12.04) does not clear credential cache files when a user logout from a ssh session.
pam_sss man page does not have much information on how it manage to clean out a session when the session is ended. This is my sshd and session_common file: ===== sshd ===== @include common-auth account required pam_nologin.so @include common-account @include common-session session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] session required pam_limits.so session required pam_env.so # [1] session required pam_env.so user_readenv=1 envfile=/etc/default/locale @include common-password ===== ===== common-session ===== auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_sss.so use_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so ===== Is this a pam configuration issue or a pam_sss issue? Thanks, Qing -- ------------------ Qing Chang Senior Systems Administrator M6-624 Research Computing Sunnybrook Health Sciences Centre 2075 Bayview Ave. Toronto, Ontario, M4N 3M5 (416) 480-6100 x3263 [email protected] ------------------ _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
