Date: Fri, 3 Apr 2026 19:17:29 +0200
From: A FreeBSD User <freebsd@walstatt-de.de>
To: Gleb Popov <arrowd@freebsd.org>
Cc: freebsd-x11@freebsd.org, FreeBSD Ports <freebsd-ports@freebsd.org>
Subject: Re: x11/xdm with PAM and security/sssd2: not working
Message-ID: <20260403191756.1a720c7d@thor.sb211.local>
In-Reply-To: <CALH631=5uVuPx%2B3ue%2BL=or0D0mq%2BpzZOX2N6prfdCKzWNGnp0g@mail.gmail.com>
References: <20260322161501.690d8923@thor.sb211.local> <CALH631ku629X3Zq1Nmx_Zr2X4x9TX7_6BLYCmHZ-Op-0KLUGDg@mail.gmail.com> <20260322231229.1421f764@thor.sb211.local> <CALH631m214BR8oabhsEQR3F7QYkcuOhr7bqzrAoyfAHX%2B33qGQ@mail.gmail.com> <20260325131602.4048563c@thor.sb211.local> <CALH631mWi_e96ZrY5Vw7hB%2BWETR8BoEM2DH1sxz_i_miRwOC4A@mail.gmail.com> <20260326190131.66aff61d@thor.sb211.local> <CALH631=5uVuPx%2B3ue%2BL=or0D0mq%2BpzZOX2N6prfdCKzWNGnp0g@mail.gmail.com>

On the day of the Lord, Sat, 28 Mar 2026 20:27:07 +0300
Gleb Popov <arrowd@freebsd.org> wrote:

> On Thu, Mar 26, 2026 at 9:02 PM A FreeBSD User <freebsd@walstatt-de.de> wrote:
> >
> > Nearby: when checking as root
> >
> > pamtester xdm ohartmann authenticate acct_mgmt open_session close_session
> >
> > I see up to acct_mgmt in the log - but nothing for open_session close_session.
>
> I just remembered about this: https://github.com/SSSD/sssd/pull/7761/changes
> Try adding the allow_chauthtok_by_root option into PAM configuration.
>

Thank you for the hint.

I had the chance to put the referenced token into /etc/pam.d/xdm. Since
lib_sss.so seems to be very tolerant with respect to where I put the token, I
tried every section, and exclusively auth and accounting, or at all positions.
NO effect.

I'm not very firm in terms of how the PAM stack works; I assume "xdm" is using
the file /etc/pam.d/xdm exclusively - not using another trailing module or not
being a consecutive module while another module (like login?) takes password
and login credentials.

Without proper logging I'm flying blind here, and it seems that sssd2 isn't
coping with xdm or its way to provide credentials.

I have to underline that any other PAM method (or whatever login, sshd etc. is
called) is working flawlessly.

Kind regards,

oh

-- 
A FreeBSD user
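
The message above assumes that /etc/pam.d/xdm alone defines the xdm stack. The following is an added example, not part of the original e-mail or of any project's code: it expands `include` lines in pam.d-style policy files and lists which facilities end up calling a given module. The two policy files are constructed samples, not the poster's configuration, and `pam_sss.so` is used as the name of SSSD's PAM module.

```python
FACILITIES = ("auth", "account", "session", "password")

# Constructed sample policies keyed by service name (stand-ins for /etc/pam.d/<name>).
SAMPLE = {
    "xdm": """\
auth      sufficient  pam_sss.so  allow_chauthtok_by_root
auth      include     system
account   required    pam_nologin.so
account   include     system
session   required    pam_lastlog.so no_fail   # no SSSD module here
password  required    pam_deny.so
""",
    "system": """\
auth      required    pam_unix.so no_warn try_first_pass
account   sufficient  pam_sss.so
account   required    pam_unix.so
session   required    pam_lastlog.so no_fail
""",
}


def effective_stack(service, files, seen=()):
    """Return {facility: [(origin_file, control, module, options)]}, includes expanded."""
    if service in seen:
        raise ValueError("include loop: " + " -> ".join(seen + (service,)))
    stack = {f: [] for f in FACILITIES}
    for raw in files[service].splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(fields) < 3 or fields[0] not in stack:
            continue
        facility, control, target, *options = fields
        if control == "include":
            # Only the same facility of the included service is pulled in.
            sub = effective_stack(target, files, seen + (service,))
            stack[facility].extend(sub[facility])
        else:
            stack[facility].append((service, control, target, options))
    return stack


def facilities_using(module, stack):
    """Facilities whose expanded chain contains the module at least once."""
    return [f for f in FACILITIES if any(e[2] == module for e in stack[f])]


if __name__ == "__main__":
    stack = effective_stack("xdm", SAMPLE)
    for facility in FACILITIES:
        for origin, control, module, options in stack[facility]:
            print(f"{facility:9}{origin:8}{control:12}{module} {' '.join(options)}")
    print("pam_sss.so is called for:", facilities_using("pam_sss.so", stack))
```

On a real system, load the files from /etc/pam.d (and /usr/local/etc/pam.d for ports) into the dictionary instead of `SAMPLE`; a facility missing from the result never reaches the module, whatever options are set on its other lines.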
