[Freeipa-users] security, sssd, pam and web apps
Lachlan Musicman
datakid at gmail.com
Wed Jan 18 03:02:13 UTC 2017
Hi,
We have a new rstudio server that we'd like to have FreeIPA manage Auth on.
sssd works - I can login with my appropriate credentials via cli, but the
web interface doesn't accept the creds.
I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service
but we don't want to create a HBAC service - we aren't having much luck
with HBAC anyway (still working on that) but we also want all users to have
access to this web app.
The original /etc/pam.d/rstudio looks like:
#%PAM-1.0
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_unix.so nodelay
account required pam_unix.so
I've changed it to look like:
#%PAM-1.0
auth required pam_sss.so
account required pam_sss.so
This works - but does it create any other security issues?
cheers
L.
------
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170118/5fb3ed82/attachment.htm>
More information about the Freeipa-users
mailing list