sssd can't get shadow info from ldap. When I type getent passwd it shows pass section as * not as "x"
As passwd (5) ; If the encrypted password is set to an asterisk, the user will be unable to login using login.
Can sssd get shadow information from ldap. Is it possible to cache authentication when we use ldap/shadow ?
nlastname1:*:1094:1004:Name Lastname:/home/user1:/bin/bash
nlastname2:*:1025:501:otemli:/home/user2:/bin/sh
nlastname3:*:1040:1009:Name Lastname:/home/user3:/bin/bash
splunk:*:1116:1025:Splunk Server:/opt/splunkforwarder:/bin/bash
auth required pam_env.so
auth sufficient pam_sss.so use_first_pass
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account sufficient pam_ldap.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
#password requisite pam_cracklib.so try_first_pass retry=3
password required pam_passwdqc.so enforce=users min=disabled,16,12,8,6
password sufficient pam_sss.so use_authtok
password sufficient pam_ldap.so use_authtok
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session sufficient pam_sss.so
session required pam_unix.so
session sufficient pam_ldap.so