[Freeipa-users] [Solaris 10] Cannot login through console or ssh with ipa users
Nathan Peters
nathan at nathanpeters.com
Fri Feb 27 03:17:55 UTC 2015
Yes, we are trying to figure out why IPA users are not being handled
properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding
pam_permit.so to the stack, will never work because Solaris does not include
pam_permit.so.
so therefore
2. I had to come up with some different way to troubleshoot how or why
FreeIPA authorization is failing.
so therefore
3. Lacking the module you suggested, I chose an alternative approach : put
the pam configuration to a default and prove that no logins were broken
and once the basic pam configuration was proven then I had to :
4. I added the freeIPA components (kerberos) until something broke. In this
case, the ipa users were never able to login, so stating that adding
kerberos broke the whole pam stack so that not even a regular user could
login should have been a useful troubleshooting step.
So... perhaps you could answer one of 2 things
1. how do I troubleshoot a Solaris system without pam_permit.so?
and
2. why would adding kerberos in the exact way that the manual stated break
my whole pam stack so that both regular users and freeipa users could not
login?
-----Original Message-----
From: Dmitri Pal
Sent: Thursday, February 26, 2015 2:12 PM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] [Solaris 10] Cannot login through console or
ssh with ipa users
root is not an ipa managed user so it is purely your pam configuration.
I thought we were trying to figure out why your ipa users are not
handled properly.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list