I figured it out -- for some reason /etc/pam.d/system-auth-ac didn't contain the pam_sss.so entries. I had been running authconfig --update, but that wasn't adding them to the file. So I ran authconfig --updateall, which did the trick.
Not sure why SSH login was working with SSSD, but maybe that uses a different config file.
Jacob
On 09 Sep 2014, at 23:11, Jacob Weber jacob@jacobweber.com wrote:
I figured it out -- for some reason /etc/pam.d/system-auth-ac didn't contain the pam_sss.so entries. I had been running authconfig --update, but that wasn't adding them to the file. So I ran authconfig --updateall, which did the trick.
Ah, I’m glad it works now.
For future reference, you can use: authconfig —enablesssd —enablesssdauth
To add sssd_nss and pam_sss to nsswitch.conf and pam.d config files respectively.
(Yes, the option names are quite confusing)
Not sure why SSH login was working with SSSD, but maybe that uses a different config file.
Chances are you were using either a SSH public key or maybe a Kerberos ticket, depending on your configuration. Both cases are handled by SSHD directly and bypass SSSD completely.
Jacob _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org