Date: Mon, 14 Nov 2016 10:26:25 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Ronny Forberger <ronnyforberger@ronnyforberger.de>
Cc: Alan Hicks via freebsd-security <freebsd-security@freebsd.org>
Subject: Re: I have no name prompt and no passwords recognized
Message-ID: <8660nq9zum.fsf@desk.des.no>
References: <585949692.395252.1478970441730.JavaMail.open-xchange@app04.ox.hosteurope.de>
 <0ebb4aa6-58bd-4420-42fb-ba8bc2383243@p-o.co.uk>
 <1398329212.417534.1479032950521.JavaMail.open-xchange@app03.ox.hosteurope.de>
 <1177095935.420844.1479053158201.JavaMail.open-xchange@app03.ox.hosteurope.de>

Ronny Forberger <ronnyforberger@ronnyforberger.de> writes:
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth sufficient /usr/local/lib/pam_sss.so
> auth required pam_unix.so no_warn try_first_pass nullok

I don't have the answer to your question, but I'd like to point out
that you don't need to include the full path to the module.  PAM will
look in /usr/local/lib if it can't find the module in /usr/lib.  You can
even leave out the .so suffix (since OpenPAM Nummularia / FreeBSD 9.3).

Two other things: 1) make sure the service you're trying to use actually
uses the system policy or a policy that includes it (sshd doesn't) and
2) if you add the "debug" keyword to every pam_sss line in your PAM
policy, OpenPAM will log every call to the pam_sss module, everything it
does on behalf of that module, and the outcome of the call through
syslog (by default, it should go to /var/log/debug.log).

DES
-- 
Dag-Erling Smørgrav - des@des.no
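
The checks suggested in the reply above can be scripted. The following is an added example, not part of the original message or of OpenPAM: it parses pam.d-style policy text, follows "include" lines to see whether a service's chain reaches pam_sss, and flags pam_sss lines that carry a full path or lack "debug". The policy contents and the function names are constructed for illustration.

```python
import re

# Constructed sample policies (not from the thread), keyed by /etc/pam.d file name.
POLICIES = {
    "system": "# auth\n"
              "auth sufficient /usr/local/lib/pam_sss.so\n"
              "auth required pam_unix.so no_warn try_first_pass nullok\n",
    "login": "auth include system\n",
    "sshd": "auth required pam_unix.so no_warn try_first_pass\n",
}

def parse(text):
    """Yield (facility, control, module, options) for each rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2], fields[3:]

def module_name(module):
    """Reduce '/usr/local/lib/pam_sss.so' or 'pam_sss' to 'pam_sss'."""
    return re.sub(r"\.so(\.\d+)?$", "", module.rsplit("/", 1)[-1])

def reaches(service, facility, wanted, policies, seen=None):
    """True if the facility chain of `service` calls `wanted`, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in policies:
        return False
    seen.add(service)
    for fac, control, module, _ in parse(policies[service]):
        if fac != facility:
            continue
        if control == "include":
            if reaches(module, facility, wanted, policies, seen):
                return True
        elif module_name(module) == wanted:
            return True
    return False

def audit(service, wanted, policies):
    """Report full-path and missing-debug findings for `wanted` in one policy."""
    findings = []
    for fac, control, module, opts in parse(policies[service]):
        if control == "include" or module_name(module) != wanted:
            continue
        if "/" in module:
            findings.append(f"{service}: {fac}: full path {module} is unnecessary")
        if "debug" not in opts:
            findings.append(f"{service}: {fac}: add 'debug' to log {wanted} calls")
    return findings
```

On a real host the dictionary would be filled by reading the files under /etc/pam.d (and /usr/local/etc/pam.d) instead of the constructed strings.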