Changes between Version 5 and Version 6 of PrincetonLDAPAuthentication6


Ignore:
Timestamp:
Jan 7, 2013 10:40:37 AM (9 years ago)
Author:
brose
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • PrincetonLDAPAuthentication6

    v5 v6  
    3434}}}
    3535
     36You will also need to make sure to use this SSSD configuration in PAM. Update /etc/nsswitch.conf accordingly:
     37{{{
     38passwd:     files sss
     39shadow:     files sss
     40group:      files sss
     41netgroup:   files sss
     42}}}
     43
     44Also, update /etc/pam.d/system-auth-ac and password-auth-ac to include references to sss:
     45{{{
     46#%PAM-1.0
     47# This file is auto-generated.
     48# User changes will be destroyed the next time authconfig is run.
     49auth        required      pam_env.so
     50auth        sufficient    pam_unix.so nullok try_first_pass
     51auth        requisite     pam_succeed_if.so uid >= 100 quiet
     52auth        sufficient    pam_sss.so use_first_pass
     53auth        required      pam_deny.so
     54
     55account     required      pam_unix.so broken_shadow
     56account     sufficient    pam_localuser.so
     57account     sufficient    pam_succeed_if.so uid < 100 quiet
     58account     [default=bad success=ok user_unknown=ignore] pam_sss.so
     59account     required      pam_permit.so
     60
     61password    requisite     pam_cracklib.so try_first_pass retry=3 type=
     62password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
     63password    sufficient    pam_sss.so use_authtok
     64password    required      pam_deny.so
     65
     66session     optional      pam_keyinit.so revoke
     67session     required      pam_limits.so
     68session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
     69session     required      pam_unix.so
     70session     optional      pam_sss.so
     71}}}
    3672
    3773Someone else once wrote this, but it no longer seems relevant as it disables sssd: