Hi all, I am working on a system which does TACACS+ authentication of users with pam_tacplus and nss_tacplus libraries nss_tacplus: https://github.com/benschumacher/nss_tacplus pam_tacplus: https://github.com/kravietz/pam_tacplus
This solution relied on NSCD to be running, since the nss_tacplus only implemented getpwnam_r . For getpwuid_r etc it relied on the cached entries in nscd. It was working fine until fedora removed NSCD from glibc in FC36 ( https://fedoraproject.org/wiki/Changes/RemoveNSCD) The above write up indicates that SSSD could be used to cover all cacheing requirements that was previously provided by NSCD. However I am unable to configure SSSD for my use case. When I tried to link the id_provider as proxy and the proxy_lib_name as tacplus, sssd fails to come up. If fails with this error: (2022-12-19 23:32:35): [be[shadowutils]] [sss_load_nss_symbols] (0x0010): Library 'libnss_tacplus.so.2' did not provide mandatory symbol 'getpwuid_r', error: /lib64/libnss_tacplus.so.2: undefined symbol: _nss_tacplus_getpwuid_r. Is there any way to use sssd with the above mentioned nss_tacplus library? By this I mean can sssd be configured to do getpwnam only using the nss_tacplus, at which time it could cache the passwd details of the user, and use the cache for the other APIs like getpwuid etc? _________________________________________________
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
