> As far as I understand, the `pam_localuser` line should authorize the `gdm-greeter` user and not continue to `pam_sss`.
The issue here is that pam_localuser is checking /etc/passwd (https://github.com/linux-pam/linux- pam/blob/master/modules/pam_localuser/pam_localuser.8.xml#L12). I wonder if it should support systemd dynamic users. On a side note, pam_localuser should arguably return PAM_USER_UNKNOWN instead onf PAM_PERM_DENIED when the user is not found (although such change would have no direct impact in the bug reported here). Nevertheless, we should file an upstream bug for that. I suppose that the next steps here would be to file 2 bugs upstream: one inquiring if pam_localuser should support dynamic users somehow, and another one to request changing its return value. PS: relevant read on dynamic users: https://0pointer.net/blog/dynamic- users-with-systemd.html ** Also affects: pam (Ubuntu) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Resolute) Importance: Undecided Status: New ** Also affects: sssd (Ubuntu Resolute) Importance: Undecided Status: New ** Also affects: pam (Ubuntu Stonking) Importance: Undecided Status: New ** Also affects: sssd (Ubuntu Stonking) Importance: Undecided Status: Triaged ** Also affects: pam (Ubuntu Questing) Importance: Undecided Status: New ** Also affects: sssd (Ubuntu Questing) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2151186 Title: pam-configs/sss (pam_localuser.so) does not allow systemd dynamic users like gdm-greeter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2151186/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
