[Freeipa-users] Debian: libpam-sss pam-configs update?

Jochen Hein jochen at jochen.org
Wed Jan 4 09:39:37 UTC 2017


Hi,

I'm still working on my Debian systems to get local login to work with
OTP.

In /etc/pam.d/common-auth we have:
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_sss.so use_first_pass

On CentOS we have something more complicated in /etc/pam.d/system-auth:

auth        [default=1 success=ok] pam_localuser.so
auth        [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass

I think we need something more elaborate for Debian to replicate the
(good!) experience from CentOS when asking for "First/Second Factor".
The four lines from above work well, but how can we get that into
pam-auth-update? Any ideas how this could be packaged?

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.
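
The difference between the two stacks quoted above, traced in an added example that is not part of the original message: for a user who is not local, the CentOS stack jumps over pam_unix so pam_sss is the first module to handle the password, while the Debian stack always runs pam_unix first and pam_sss reuses that password through use_first_pass. The per-module return values are constructed assumptions, and the evaluator is a simplified model of PAM control handling.

```python
import re

# Keyword controls and their bracket equivalents, per pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

DEBIAN = """
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_sss.so use_first_pass
"""
CENTOS = """
auth        [default=1 success=ok] pam_localuser.so
auth        [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass
"""
# Constructed return values for a user that exists only in IPA (assumption).
IPA_USER = {"pam_localuser.so": "perm_denied", "pam_unix.so": "auth_err",
            "pam_succeed_if.so": "success", "pam_sss.so": "success"}

def parse(stack):
    """Return [(control_dict, module, args)] for each rule line."""
    entries = []
    for line in filter(None, map(str.strip, stack.splitlines())):
        _type, control, module, args = LINE.match(line).groups()
        if control.startswith("["):
            ctl = dict(kv.split("=", 1) for kv in control[1:-1].split())
        else:
            ctl = KEYWORDS[control]
        entries.append((ctl, module, args))
    return entries

def trace(stack, results):
    """Modules invoked, in order, for the given per-module return values."""
    entries, called, i = parse(stack), [], 0
    while i < len(entries):
        ctl, module, _args = entries[i]
        called.append(module)
        action = ctl.get(results[module], ctl["default"])
        # Simplification: done/die always end the stack here; a number N
        # skips the next N modules; ok/ignore/bad fall through.
        if action in ("done", "die"):
            break
        i += 1 + (int(action) if action.isdigit() else 0)
    return called

if __name__ == "__main__":
    print("Debian:", trace(DEBIAN, IPA_USER))
    print("CentOS:", trace(CENTOS, IPA_USER))
```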



