
List:       sssd-users
Subject:    [SSSD-users] sudo trying to use proxy for auth
From:       Asif Iqbal <vadud3 () gmail ! com>
Date:       2017-10-17 21:15:08
Message-ID: CAOHBbgUJuyZQUuxZ-g6ESh54Kp+_rBzM_FSpUE=ppNnqFdv-Fw () mail ! gmail ! com

I set up sssd to log in with 2 factor auth and it works fine, and then I am
failing to sudo with ldap even though id_provider is ldap.

Here is the log from sssd_LDAP when running sudo -s

   http://dpaste.com/36PTMS0.txt

Here is the relevant config

[domain/LDAP]
chpass_provider = krb5
access_provider = ldap
id_provider = ldap
...
auth_provider = proxy
proxy_pam_target = securid
..

There is no sudo_* in here

sudo -s works if I use the auth provider, which is 2FA. So it seems like
sudo auth follows whatever auth_provider is set to?

Can I have ssh login with proxy as auth provider and sudo login with ldap
as auth provider?

I know both ssh and sudo login work with ldap and krb5, but I need to have
the ssh login with 2FA in my env.

Thanks for your help

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
