[Freeipa-users] FreeIPA manual PAM setup help

[小龙 陈]

> Date: Thu, 29 Nov 2012 10:26:00 -0500
> From: rcritten at redhat.com
> To: chillermillerlong at hotmail.com
> CC: freeipa-users at redhat.com; tjaalton at ubuntu.com
> Subject: Re: [Freeipa-users] FreeIPA manual PAM setup help
> 
> 小龙 陈 wrote:
> > Hi,
> >
> > I've been working on porting the FreeIPA client to Arch Linux lately and
> > I'm now to the last step of the puzzle. Everything works the way it
> > should, except for PAM, which I don't know how to setup.
> >
> > I must admit that I'm very confused my the PAM configuration (which PAM
> > module does what, the order of the modules, etc). What I'm trying to
> > find out is where the pam_sss.so lines should go. Here's a copy of the
> > /etc/pam.d/ directory in Arch Linux: http://ompldr.org/vZ2hxcw/pam.d.tar.bz2
> >
> > I'd greatly appreciate it if someone could help me out :) Thanks!
> >
> 
> I gather that this is due to a lack of authconfig.
> 
> Timo Aaltonen has been working on ipa-client (and server!) for Ubuntu 
> and he ran into similar problems but I'm not sure what solution he came 
> up with.
> 
> I'll find someone with more PAM experience to try to give you more 
> practical help.
> 
> rob

Hi Rob,

Thanks a lot for your reply! You;re right that this is due to the lack or authconfig
(or any other tool to manage the PAM settings). I took a look at Ubuntu's packaging
and it seems that Ubuntu's PAM is similar to Fedora's. Fedora uses a common
/etc/pam.d/system-auth file and Ubuntu uses a common /etc/pam.d/common-auth file.
Arch doesn't have a common PAM configuration file, so I'll need to change every file
for every service that I want to authenticate with sssd.

I didn't know that ipa-server is now working in Ubuntu. That's really great news!

Best regards,
Xiao-Long Chen
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121129/6b3b3201/attachment.htm>