On Mon, Oct 16, 2017 at 03:04:22PM +0000, [email protected] wrote: > On certain servers I want IPA authentication but the local user/group > database. With sssd 1.14, I could specify pam as the only service and put > files in /etc/nsswitch.conf. With sssd 1.15, I get extra groups with that > setting. I had to set id_provider=none, which is undocumented. I'd be happy > to see id_provider=files for this situation, though id_provider=none with > nsswitch seems to do what I need.
On what distribution and with what nsswitch.conf contents do you get the extra groups? I would also say that id_provider=files is what you could use here.. > > I do have a user with a static password, for cases where services are down. > That can be done in pam, by having pam_unix as well as pam_sss. It would be > interesting to have sssd handle this kind of mixed case, but it seems like > this is what pam is for. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
