On 04/05/2013 05:22 AM, Jakub Hrozek wrote:
I used the authconfig command on my Fedora laptop, but I'm not certain I did so on the RHEL workstation.Hi,are you using pam_krb5 along with SSSD authentication? Is there a reason not to use pam_sss.so ? In general I would not recommend configuring the PAM stack yourself but rather let authconfig do the job. This call would let authconfig generate /etc/nsswitch.conf /etc/pam.d/system-auth and /etc/pam.d/password-auth but would let you keep using the sssd.conf: authconfig --enablesssdauth --enablesssd --update _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I have both lines in system-auth and password-auth: auth sufficient pam_sss.so use_first_pass auth sufficient pam_krb5.so use_first_pass ... account [default=bad success=ok user_unknown=ignore] pam_sss.so account [default=bad success=ok user_unknown=ignore] pam_krb5.so ... password sufficient pam_sss.so use_authtok password sufficient pam_krb5.so use_authtok ... session optional pam_sss.so session optional pam_krb5.soOn my workstation, I had only the pam_sss.so lines, and GDM logins were not working; after adding the pam_krb5.so lines to match my laptop, GDM logins worked for the first time.
/Harry
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
