List: sssd-users
Subject: [SSSD-users] sudo trying to use proxy for auth
From: Asif Iqbal <vadud3 () gmail ! com>
Date: 2017-10-17 21:15:08
Message-ID: CAOHBbgUJuyZQUuxZ-g6ESh54Kp+_rBzM_FSpUE=ppNnqFdv-Fw () mail ! gmail ! com
I set up sssd to log in with 2 factor auth and it works fine and then I am
failing to sudo with ldap even though id_provider is ldap.
Here is the log from sssd_LDAP when running sudo -s
http://dpaste.com/36PTMS0.txt
Here is the relevant config
[domain/LDAP]
chpass_provider = krb5
access_provider = ldap
id_provider = ldap
...
auth_provider = proxy
proxy_pam_target = securid
..
There is no sudo_* in here
sudo -s works if I use the auth provider, which is 2FA. So it seems like
sudo auth follows whatever auth_provider is set to?
Can I have ssh login with proxy as auth provider and sudo login with ldap
as auth provider?
I know both ssh and sudo login work with ldap and krb5, but I need to have
the ssh login with 2FA in my env.
Thanks for your help
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?