Changes between Version 5 and Version 6 of PrincetonLDAPAuthentication6


Ignore:
Timestamp:
Jan 7, 2013 10:40:37 AM (5 years ago)
Author:
brose
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • PrincetonLDAPAuthentication6

    v5 v6  
    3434}}} 
    3535 
     36You will also need to make sure to use this SSSD configuration in PAM. Update /etc/nsswitch.conf accordingly: 
     37{{{ 
     38passwd:     files sss 
     39shadow:     files sss 
     40group:      files sss 
     41netgroup:   files sss 
     42}}} 
     43 
     44Also, update /etc/pam.d/system-auth-ac and password-auth-ac to include references to sss: 
     45{{{ 
     46#%PAM-1.0 
     47# This file is auto-generated. 
     48# User changes will be destroyed the next time authconfig is run. 
     49auth        required      pam_env.so 
     50auth        sufficient    pam_unix.so nullok try_first_pass 
     51auth        requisite     pam_succeed_if.so uid >= 100 quiet 
     52auth        sufficient    pam_sss.so use_first_pass 
     53auth        required      pam_deny.so 
     54 
     55account     required      pam_unix.so broken_shadow 
     56account     sufficient    pam_localuser.so 
     57account     sufficient    pam_succeed_if.so uid < 100 quiet 
     58account     [default=bad success=ok user_unknown=ignore] pam_sss.so 
     59account     required      pam_permit.so 
     60 
     61password    requisite     pam_cracklib.so try_first_pass retry=3 type= 
     62password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok 
     63password    sufficient    pam_sss.so use_authtok 
     64password    required      pam_deny.so 
     65 
     66session     optional      pam_keyinit.so revoke 
     67session     required      pam_limits.so 
     68session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid 
     69session     required      pam_unix.so 
     70session     optional      pam_sss.so 
     71}}} 
    3672 
    3773Someone else once wrote this, but it no longer seems relevant as it disables sssd: