Alexey, Thanks. We don't use authselect because we're very familiar with PAM stacks and we have a highly customized PAM stack.
Spike On Wed, Feb 5, 2025 at 1:47 AM Alexey Tikhonov <atikh...@redhat.com> wrote: > Hi, > > On Tue, Feb 4, 2025 at 9:07 PM Spike White via sssd-users < > sssd-users@lists.fedorahosted.org> wrote: > >> All, >> >> In the comments in /etc/nsswitch.conf file, it says: >> >> # Notes: >> # >> # 'sssd' performs its own 'files'-based caching, so it should generally >> # come before 'files'. >> # >> >> >> and then later: >> >> # In order of likelihood of use to accelerate lookup. >> passwd: sss files systemd >> shadow: files >> group: sss files systemd >> >> >> However, we have consulted with Redhat Tech Support years ago when we >> first started implementing sssd and they advised us to put in local >> providers first, then remote. >> >> So we typically do this: >> >> passwd: files systemd sss >> ... >> group: files systemd sss >> >> >> Which is correct? >> > > tl,dr: in general I agree with the recommendation to keep 'files' before > 'sss'. > > Longer/precise answer depends on the OS/version being used. On more recent > versions 'authselect' should do the right thing "out of the box". > > >
-- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
