wt., 11 maj 2021 o 18:09 Sumit Bose <[email protected]> napisał(a): > Am Tue, May 11, 2021 at 03:31:22PM +0200 schrieb Paweł Szafer: > > Hi, sure. > > My auth files are based on this: > > - > https://wiki.archlinux.org/title/LDAP_authentication#PAM_Configuration_2 > > - and this: https://sssd.io/docs/ad/ad-provider-manual.html#id6 > > > > but sssd.io docs are based on Debian/Ubuntu common-auth so I had to > > improvise... > > > > passwd file: > > > > password include system-auth > > > > system-auth file: > > > > auth sufficient pam_unix.so try_first_pass nullok > > auth sufficient pam_sss.so forward_pass > > auth optional pam_permit.so > > auth required pam_env.so > > auth requisite pam_deny.so > > > > account required pam_unix.so > > account [default=bad success=ok user_unknown=ignore] pam_sss.so > > account optional pam_permit.so > > account required pam_time.so > > > > password sufficient pam_unix.so try_first_pass nullok sha512 shadow > > use_authtok > > password sufficient pam_sss.so use_authtok > > Hi, > > with use_authtok both pam_unix.so and pam_sss.so expect that another > module is prompting for the new password, e.g. > > password requisite pam_pwquality.so try_first_pass local_users_only > password sufficient pam_unix.so sha512 shadow nullok try_first_pass > use_authtok > password sufficient pam_sss.so use_authtok > password required pam_deny.so > > HTH > > bye, > Sumit >
Hi, it's working now! Thank you for your help! bye, Pawel
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
