On (16/09/16 14:55), Douglas Duckworth wrote:
>Please ignore my previous email as this is insecure:
>
>auth required pam_env.so
>auth sufficient pam_unix.so nullok try_first_pass
>auth sufficient pam_succeed_if.so uid >= 500 quiet
>auth sufficient pam_sss.so use_first_pass
>
>One does not simply have pam_unix as sufficient and expect to not get hacked
>

The problem is not with "pam_unix as sufficient" but that the last entry for
auth is not "pam_deny.so"

e.g.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so

LS
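
Added example (not part of the original thread): a simplified Python model of the required, requisite and sufficient control flags, run over the two auth stacks from the messages above. The per-module outcomes are a constructed scenario (a uid 1000 user typing a wrong password, with pam_env.so assumed to return "ignore" during auth), and `parse` and `authenticate` are hypothetical helper names.

```python
# Simplified model of the PAM control flags required, requisite and
# sufficient. Module outcomes are supplied by the caller, not computed.
ORIGINAL = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
"""
CORRECTED = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
"""
# Constructed scenario: a uid 1000 user types a wrong password.
# pam_env.so is assumed to return "ignore" in the auth phase.
WRONG_PASSWORD = {"pam_env.so": "ignore", "pam_unix.so": "fail",
                  "pam_succeed_if.so": "ok", "pam_sss.so": "fail",
                  "pam_deny.so": "fail"}


def parse(stack):
    """Return (control, module) pairs for the auth lines of a stack."""
    entries = []
    for line in stack.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            entries.append((fields[1], fields[2]))
    return entries


def authenticate(stack, outcomes):
    """Walk the auth stack; True means the stack returns success."""
    required_failed = False
    any_success = False
    for control, module in parse(stack):
        result = outcomes[module]
        if result == "ok":
            any_success = True
            # A successful sufficient module ends the stack at once,
            # unless an earlier required module already failed.
            if control == "sufficient" and not required_failed:
                return True
        elif result == "fail":
            if control == "requisite":
                return False          # fail immediately
            if control == "required":
                required_failed = True  # fail, but keep walking
            # A failed sufficient module is ignored.
    return any_success and not required_failed
```

In this scenario the first stack returns success and the second denies. The second stack with its pam_deny.so line removed returns success again, because the requisite pam_succeed_if.so is then the only module that reported a result.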
