<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>> Date: Thu, 29 Nov 2012 10:26:00 -0500 <div>> From: rcritten@redhat.com > To: chillermillerlong@hotmail.com > CC: freeipa-users@redhat.com; tjaalton@ubuntu.com > Subject: Re: [Freeipa-users] FreeIPA manual PAM setup help > > 小龙陈 wrote: > > Hi, > > > > I've been working on porting the FreeIPA client to Arch Linux lately and > > I'm now to the last step of the puzzle. Everything works the way it > > should, except for PAM, which I don't know how to setup. > > > > I must admit that I'm very confused my the PAM configuration (which PAM > > module does what, the order of the modules, etc). What I'm trying to > > find out is where the pam_sss.so lines should go. Here's a copy of the > > /etc/pam.d/ directory in Arch Linux: http://ompldr.org/vZ2hxcw/pam.d.tar.bz2 > > > > I'd greatly appreciate it if someone could help me out :) Thanks! > > > > I gather that this is due to a lack of authconfig. > > Timo Aaltonen has been working on ipa-client (and server!) for Ubuntu > and he ran into similar problems but I'm not sure what solution he came > up with. > > I'll find someone with more PAM experience to try to give you more > practical help. > > rob Hi Rob, Thanks a lot for your reply! You;re right that this is due to the lack or authconfig (or any other tool to manage the PAM settings). I took a look at Ubuntu's packaging and it seems that Ubuntu's PAM is similar to Fedora's. Fedora uses a common /etc/pam.d/system-auth file and Ubuntu uses a common /etc/pam.d/common-auth file. Arch doesn't have a common PAM configuration file, so I'll need to change every file for every service that I want to authenticate with sssd. I didn't know that ipa-server is now working in Ubuntu. That's really great news! Best regards, Xiao-Long Chen </div> </div></body> </html>