On Tue, Oct 17, 2017 at 05:15:08PM -0400, Asif Iqbal wrote: > I setup sssd to login with 2 factor auth and it works fine and then I am > failing to sudo with ldap even though id_provider is ldap. > > Here is log from sssd_LDAP when running sudo -s > > http://dpaste.com/36PTMS0.txt > > Here is relevant config > > [domain/LDAP] > chpass_provider = krb5 > access_provider = ldap > id_provider = ldap > ... > auth_provider = proxy > proxy_pam_target = securid > .. > > There is no sudo_* in here > > sudo -s works if I use the auth provider, which is 2FA. So it seems like > sudo auth follows whatever auth_provider is set to? > > Can I have ssh login with proxy as auth provider and sudo login with ldap > as auth provider? > > I know both ssh and sudo login works with ldap and krb5, but I need to have > the ssh login with 2FA in my env. > > Thanks for your help
The only way I can think of solving this is to configure two [domains] in sssd.conf and using fully qualified names, e.g. user@otpdomain and user@ldapdomain.. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
