[Freeipa-users] FreeIPA manual PAM setup help

Simo Sorce simo at redhat.com
Fri Nov 30 02:08:02 UTC 2012


On Thu, 2012-11-29 at 20:55 -0500, 小龙 陈 wrote:


> And PAM is working!

Excellent!

> I've just finished a helper for setting up NSS and PAM for sssd. It
> basically does the following:
> 
> 1. Looks for 'passwd', 'shadow', 'group', 'services', 'netgroup', and 'automount'
> in /etc/nsswitch.conf and adds 'sss' to it.

SSSD does not provide a shadow map so you shouldn't add sss to shadow. It
will do no harm though, it will just be a noop.

> 2. Looks for pam_unix.so in every file in /etc/pam.d/, changes 'required'
> to 'sufficient', and adds an 'include' line for 'sss' right below it.
> /etc/pam.d/sss contains the pam_sss.so lines.
> 
> So far, I've tested sudo and su, and both are working :)
> 
> Here's a link to the script:
> https://github.com/chenxiaolong/ArchLinux-Packages/blob/master/freeipa/sss-auth-setup.py
> 
> If someone is bored, I'd appreciate it if he/she would take a look at it
> for glaring issues.

Cool stuff, I do not know Arch Linux default PAM stack configuration so
I can't tell with certainty that the replace you make is perfect, but I
do not see anything stunningly bad.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
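
Step 1 of the quoted post with the reply's shadow correction applied, as an added example that is not part of the thread or of the linked script. The function name `add_sss` and the sample file contents are constructed for illustration.

```python
import re

# Databases from step 1 of the post, minus 'shadow': per the reply, SSSD
# provides no shadow map, so adding sss there would only be a no-op.
SSS_DATABASES = ("passwd", "group", "services", "netgroup", "automount")

# Matches "database: sources   # optional trailing comment"
_ENTRY = re.compile(r"^(\s*)([A-Za-z0-9_]+)(\s*:\s*)([^#\n]*?)(\s*(?:#.*)?)$")

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# constructed sample nsswitch.conf
passwd: files
group: files sss
shadow: files
hosts: files dns
services: files  # local only
"""


def add_sss(nsswitch_text, databases=SSS_DATABASES):
    """Return nsswitch.conf text with 'sss' appended to the given databases.

    Idempotent: entries that already list sss are left untouched. Comments,
    blank lines and other databases pass through unchanged. sss is appended
    last, so existing sources are still consulted first.
    """
    seen = set()
    out = []
    for line in nsswitch_text.splitlines():
        m = _ENTRY.match(line)
        if m and m.group(2) in databases:
            indent, db, sep, sources, tail = m.groups()
            seen.add(db)
            if "sss" not in sources.split():
                sources = (sources + " sss").strip()
            line = f"{indent}{db}{sep}{sources}{tail}"
        out.append(line)
    # Databases with no entry at all get a new line at the end.
    for db in databases:
        if db not in seen:
            out.append(f"{db}: sss")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(add_sss(SAMPLE), end="")
```

Running the function on its own output returns the same text, so a setup helper built this way can be re-run without stacking duplicate `sss` entries.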



