On Sun, Mar 13, 2016 at 04:03:50PM -0400, Cyril Scetbon wrote: > I've never said that mixing both was the best option. It's just easier for me > cause pam_ldap is already used and if I can avoid to change the current > configuration I'll be glad.
If you're already running SSSD in your environment, then I don't see a reason to not go all in..I mean, the deamon would already be up and you'd actually centralize the configuration in one config file (sssd.conf) instead of a combination of sssd.conf + pam_ldap.conf. > > I don't see any message in the log. Not even in the secure log? If that's the case then pam_sss is not being contacted at all (if pam_sss is set up and not pam_ldap). If you configured pam_sss in the pam stack but you're not seeing any messages by pam_sss in the secure log or journal then chances are then the pam_sss module is not being contacted at all (and another module might abort the PAM conversation sooner..) > > In my case, I don't need to access other information but the login (uses > by a database that can use pam for authentication and all permissions are > set at the database level). What is the option to not contact the server > even for the group information if there is one ? I'm sorry, but I don't understand what do you mean by "even for the group _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
