7:19 a.m.
How would a newbie know what sorts of functions the various pam_sss modules
(auth/session/password/account) perform in order to decide how to configure them in the
PAM stack? I've seen references on Fedorahosted and Red Hat sites but they just tell
you exactly what to set by not why or what the modules are doing. The man page for pam_sss
also doesn't tell anything about the various modules, only that they are available.
Also, the directed configurations (e.g.
https://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators...)
seem to differ slightly that what actually gets configured if one uses 'authconfig
--enablesssd --enablesssdauth --update'.
3:28 a.m.
(This is a pretty generic question, if you have some particular issue, feel free to ask a
more direct question..)
On 26 Nov 2016, at 14:19, ljkimmel99(a)hotmail.com wrote:
How would a newbie know what sorts of functions the various pam_sss modules
(auth/session/password/account) perform in order to decide how to configure them in the
PAM stack? I've seen references on Fedorahosted and Red Hat sites but they just tell
you exactly what to set by not why or what the modules are doing. The man page for pam_sss
also doesn't tell anything about the various modules, only that they are available.
The pam module itself doesn’t do much, really. It mostly marshals the request and sends
the request to sssd which decides what to do (if anything) with the request. Which makes
sense, because what the target does really depends on the deamon configuration.
But in general it’s safe to have the module in all stacks, even if the deamon is not
running or doesn’t provide some functionality. The only thing that might be tricky is to
order pam_unix against pam_sss. But authconfig should solve this.
Also, the directed configurations (e.g.
https://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators...)
seem to differ slightly that what actually gets configured if one uses 'authconfig
--enablesssd --enablesssdauth --update’.
This is the recommended way of setting up PAM stack.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
5:36 a.m.
On Sat, 2016-11-26 at 13:19 +0000, ljkimmel99(a)hotmail.com wrote:
How would a newbie know what sorts of functions the various pam_sss
modules (auth/session/password/account) perform in order to decide how
to configure them in the PAM stack?
Arguably a newbie should not touch the PAM stack :-)
I've seen references on Fedorahosted and Red Hat sites but they
just
tell you exactly what to set by not why or what the modules are doing.
The man page for pam_sss also doesn't tell anything about the various
modules, only that they are available.
This is because what happens depends very much by the daemon
configuration and very little by the pam modules. The provided
configuration should not be modified by users.
Also, the directed configurations (e.g.
https://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators...)
seem to differ slightly that what actually gets configured if one uses 'authconfig
--enablesssd --enablesssdauth --update'.
authconfig usually does the correct thing which may have changed since
the times of Fedora 18.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
2699
days inactive
2701
days old
sssd-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Jakub Hrozek -
Lesley Kimmel -
Simo Sorce