Ronny Forberger <ronnyforber...@ronnyforberger.de> writes:
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth sufficient /usr/local/lib/pam_sss.so
> auth required pam_unix.so no_warn try_first_pass nullok

I don't have the answer to your question, but I'd like to point out that
you don't need to include the full path to the module.  PAM will look in
/usr/local/lib if it can't find the module in /usr/lib.  You can even
leave out the .so suffix (since OpenPAM Nummularia / FreeBSD 9.3).

Two other things: 1) make sure the service you're trying to use actually
uses the system policy or a policy that includes it (sshd doesn't) and
2) if you add the "debug" keyword to every pam_sss line in your PAM
policy, OpenPAM will log every call to the pam_sss module, everything it
does on behalf of that module, and the outcome of the call through
syslog (by default, it should go to /var/log/debug.log).

DES
-- 
Dag-Erling Smørgrav - d...@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
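
The two checks suggested in the reply above, as an added example that is not part of the original message: whether a service's policy reaches the `system` policy through `include`, and which `pam_sss` rules still lack `debug`. The sample policies are constructed, and the function names (`module_name`, `parse_policy`, `reaches`, `missing_debug`) are hypothetical.

```python
import os

# Constructed sample policies, keyed by service name as under /etc/pam.d/.
POLICIES = {
    "system": """\
# auth
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok
""",
    "login": """\
auth sufficient pam_self.so no_warn
auth include system
""",
    "sshd": """\
auth sufficient pam_sss debug
auth sufficient pam_sss.so
auth required pam_unix.so no_warn try_first_pass
""",
}

def module_name(path):
    """Reduce a module reference to its bare name (no directory, no .so)."""
    base = os.path.basename(path)
    return base[:-3] if base.endswith(".so") else base

def parse_policy(text):
    """Yield (facility, control, target, options) for each rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2], fields[3:]

def reaches(policies, service, target, facility="auth", seen=None):
    """True if service's chain for facility is, or includes, target."""
    seen = seen if seen is not None else set()
    if service == target:
        return True
    if service in seen or service not in policies:
        return False
    seen.add(service)
    return any(ctl == "include" and reaches(policies, tgt, target, facility, seen)
               for fac, ctl, tgt, _ in parse_policy(policies[service])
               if fac == facility)

def missing_debug(policies, service, module="pam_sss"):
    """Rules in service's own file that call module without 'debug'."""
    return [(fac, tgt) for fac, ctl, tgt, opts in parse_policy(policies[service])
            if ctl != "include" and module_name(tgt) == module
            and "debug" not in opts]
```

On a real host the dictionary would be filled from the files in /etc/pam.d and /usr/local/etc/pam.d; the parser ignores the single-file /etc/pam.conf layout.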