Am Thu, Apr 07, 2022 at 08:19:47PM +0200 schrieb Francis Augusto Medeiros-Logeay: > > > -- > Francis Augusto Medeiros-Logeay > Oslo, Norway > > > Hi, > > > > iirc there is a special VMware PAM module which let user pass without > > entering the password if they are already authenticated at the VMware > > infrastructure. So I would expect that pam_sss is not called at all. > > Additionally, pam_sss would always need a password to get a TGT with the > > help of the SSSD backend. > > > > bye, > > Sumit > > Thanks Sumit. > I traced what happens when I connect again via the Horizon client. It seems > that system-auth, and not the VMware module, is called (well, at least not > the vmtoolsd under pam.d). I would assume a password is sent, as this > scenario I am mentioning involves passwords - like for example when one > closes the client and connect again.
Hi, can you check /var/log/secure or the journal to see which PAM modules are used during authentication? Additionally setting 'debug_level = 9' in the [pam] and [domain/...] sections of sssd.conf would enable debugging in SSSD which might help to understand if SSSD is called suring authentication and if yes what happens to the TGT request. bye, Sumit > > Best, > Francis > _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure