[Freeipa-users] [Solaris 10] Cannot login through console or ssh with ipa users

[Nathan Peters]

Yes, we are trying to figure out why IPA users are not being handled 
properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding 
pam_permit.so to the stack, will never work because Solaris does not include 
pam_permit.so.
so therefore
2. I had to come up with some different way to troubleshoot how or why 
FreeIPA authorization is failing.
so therefore
3. Lacking the module you suggested, I chose an alternative approach : put 
the pam configuration to a default and prove that no logins were broken
and once the basic pam configuration was proven then I had to :
4. I added the freeIPA components (kerberos) until something broke.  In this 
case, the ipa users were never able to login, so stating that adding 
kerberos broke the whole pam stack so that not even a regular user could 
login should have been a useful troubleshooting step.

So... perhaps you could answer one of 2 things
1. how do I troubleshoot a Solaris system without pam_permit.so?
and
2. why would adding kerberos in the exact way that the manual stated break 
my whole pam stack so that both regular users and freeipa users could not 
login?

-----Original Message----- 
From: Dmitri Pal
Sent: Thursday, February 26, 2015 2:12 PM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] [Solaris 10] Cannot login through console or 
ssh with ipa users
root is not an ipa managed user so it is purely your pam configuration.
I thought we were trying to figure out why your ipa users are not
handled properly.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project