(This is a pretty generic question, if you have some particular issue, feel free to ask a
more direct question..)
On 26 Nov 2016, at 14:19, ljkimmel99(a)hotmail.com wrote:
How would a newbie know what sorts of functions the various pam_sss modules
(auth/session/password/account) perform in order to decide how to configure them in the
PAM stack? I've seen references on Fedorahosted and Red Hat sites but they just tell
you exactly what to set by not why or what the modules are doing. The man page for pam_sss
also doesn't tell anything about the various modules, only that they are available.
The pam module itself doesn’t do much, really. It mostly marshals the request and sends
the request to sssd which decides what to do (if anything) with the request. Which makes
sense, because what the target does really depends on the deamon configuration.
But in general it’s safe to have the module in all stacks, even if the deamon is not
running or doesn’t provide some functionality. The only thing that might be tricky is to
order pam_unix against pam_sss. But authconfig should solve this.
Also, the directed configurations (e.g.
https://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators...)
seem to differ slightly that what actually gets configured if one uses 'authconfig
--enablesssd --enablesssdauth --update’.
This is the recommended way of setting up PAM stack.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org