Hi,
I just used the default pam stack that came with a fresh install and added the lines needed to get sssd to work (since i am really not familar with the inner working of pam). I don't see anything in my pam stack that is # here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session optional pam_krb5.so minimum_uid=1000 session optional pam_mkhomedir.so session required pam_unix.so session optional pam_sss.so session optional pam_systemd.so
________________________________________ From: Jakub Hrozek jhrozek@redhat.com Sent: Friday, December 16, 2016 12:12 PM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: logging into machine with AD credentials for the first time
On Fri, Dec 16, 2016 at 04:18:04PM +0000, Thomas Beaudry wrote:
Hi Jakub,
But none of my users is a group of nopasswdlogin
Then why is there pam_succeed_if set up this way in the pam stack? _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org