[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: =?utf-8?q?=5BSSSD-users=5D?= Re: Passwd fails in SSSD 2.4.2 [SOLVED]
From: Paweł_Szafer <pszafer () gmail ! com>
Date: 2021-05-11 20:22:27
Message-ID: CAJrMv73qSLZDaihGn6zeUVyx4Q=UyaJC9LdTLUo5b0Cw-CVNXw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
wt., 11 maj 2021 o 18:09 Sumit Bose <sbose@redhat.com> napisał(a):
> Am Tue, May 11, 2021 at 03:31:22PM +0200 schrieb Paweł Szafer:
> > Hi, sure.
> > My auth files are based on this:
> > -
> https://wiki.archlinux.org/title/LDAP_authentication#PAM_Configuration_2
> > - and this: https://sssd.io/docs/ad/ad-provider-manual.html#id6
> >
> > but sssd.io docs are based on Debian/Ubuntu common-auth so I had to
> > improvise...
> >
> > passwd file:
> >
> > password include system-auth
> >
> > system-auth file:
> >
> > auth sufficient pam_unix.so try_first_pass nullok
> > auth sufficient pam_sss.so forward_pass
> > auth optional pam_permit.so
> > auth required pam_env.so
> > auth requisite pam_deny.so
> >
> > account required pam_unix.so
> > account [default=bad success=ok user_unknown=ignore] pam_sss.so
> > account optional pam_permit.so
> > account required pam_time.so
> >
> > password sufficient pam_unix.so try_first_pass nullok sha512 shadow
> > use_authtok
> > password sufficient pam_sss.so use_authtok
>
> Hi,
>
> with use_authtok both pam_unix.so and pam_sss.so expect that another
> module is prompting for the new password, e.g.
>
> password requisite pam_pwquality.so try_first_pass local_users_only
> password sufficient pam_unix.so sha512 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_sss.so use_authtok
> password required pam_deny.so
>
> HTH
>
> bye,
> Sumit
>
Hi, it's working now!
Thank you for your help!
bye,
Pawel
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><div><div dir="ltr" class="gmail_signature" \
data-smartmail="gmail_signature">wt., 11 maj 2021 o 18:09 Sumit Bose <<a \
href="mailto:sbose@redhat.com">sbose@redhat.com</a>> \
napisał(a):<br></div></div></div><div class="gmail_quote"><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">Am Tue, May 11, 2021 at 03:31:22PM +0200 schrieb \
Paweł Szafer:<br> > Hi, sure.<br>
> My auth files are based on this:<br>
> - <a href="https://wiki.archlinux.org/title/LDAP_authentication#PAM_Configuration_2" \
rel="noreferrer" target="_blank">https://wiki.archlinux.org/title/LDAP_authentication#PAM_Configuration_2</a><br>
> - and this: <a href="https://sssd.io/docs/ad/ad-provider-manual.html#id6" \
rel="noreferrer" target="_blank">https://sssd.io/docs/ad/ad-provider-manual.html#id6</a><br>
> <br>
> but <a href="http://sssd.io" rel="noreferrer" target="_blank">sssd.io</a> docs \
are based on Debian/Ubuntu common-auth so I had to<br> > improvise...<br>
> <br>
> passwd file:<br>
> <br>
> password include system-auth<br>
> <br>
> system-auth file:<br>
> <br>
> auth sufficient pam_unix.so try_first_pass nullok<br>
> auth sufficient pam_sss.so forward_pass<br>
> auth optional pam_permit.so<br>
> auth required pam_env.so<br>
> auth requisite pam_deny.so<br>
> <br>
> account required pam_unix.so<br>
> account [default=bad success=ok user_unknown=ignore] pam_sss.so<br>
> account optional pam_permit.so<br>
> account required pam_time.so<br>
> <br>
> password sufficient pam_unix.so try_first_pass nullok sha512 \
shadow<br> > use_authtok<br>
> password sufficient pam_sss.so use_authtok<br>
<br>
Hi,<br>
<br>
with use_authtok both pam_unix.so and pam_sss.so expect that another<br>
module is prompting for the new password, e.g.<br>
<br>
password requisite pam_pwquality.so try_first_pass local_users_only<br>
password sufficient pam_unix.so sha512 shadow nullok try_first_pass \
use_authtok<br> password sufficient pam_sss.so use_authtok<br>
password required pam_deny.so<br>
<br>
HTH<br>
<br>
bye,<br>
Sumit<br></blockquote><div><br></div><div>Hi, it's working now!</div><div>Thank \
you for your help!</div><div><br></div><div>bye,</div><div>Pawel </div></div></div>
[Attachment #6 (text/plain)]
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic