[Freeipa-users] HBAC rules don't work with PAM - problem

Vangass vangass at gazeta.pl
Mon May 11 11:19:01 UTC 2015


Hello,

I have a problem with HBAC rules in conjunction with PAM authentication.
What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) -
FreeIPA.
It works just fine but without checking HBAC rules.
What I did:
- disabled allow_all rule
- created new rule with one user and one service (tac_plus)
And then, if I try to authenticate another user who is not in the above rule,
then authentication is accepted and this user gets logged in.
In the logs, what I didn't find is any information about checking HBAC rules...
Of course, when I use HBAC Test then everything is correct - one user is
granted and another is declined.

# cat /etc/pam.d/tac_plus
auth         required      pam_sss.so
account      required      pam_sss.so


Did I miss something?
Thanks,
Bartek Witkowski