Learn more about these different git repos.
Other Git URLs
NOTE: This is a minor regression of pam_sss vs pam_ldap.
When attempting to "su -" to root pam_unix gives a nice log message which gets fed to our log based IDS: Oct 7 09:57:20.000 sssdtest.la05.int su: pam_unix(su-l:auth): authentication failure; logname=jschroeder uid=7084 euid=0 tty=pts/94 ruser=jschroeder rhost= user=root
When su'ing to an account in ldap on an sssd client the message contains much less data: Oct 7 09:57:49.000 sssdtest.la05.int su: pam_sss(su-l:auth): received for user someldapuser: 8 (Insufficient credentials to access authentication data)
I've tried reordering pam_unix before pam_sss in the session section of /etc/pam.d/system-auth with no luck. I've also tried changing pam_sss in session from sufficient to optional and a few variations thereof.
Can pam_sss be taught to print the source and destination user when there are authentication failures locally via sudo or su?
Forgot to mention that pam_ldap uses pam_unix to spit out the error message. No ordering of pam_sss seems to do the same.
Fields changed
component: SSSD => PAM owner: somebody => sbose
I have send a patch to sssd-devel which changes the log style (https://fedorahosted.org/pipermail/sssd-devel/2009-October/000868.html). Tests which check log files will need an update.
tests: 0 => 1
milestone: SSSD Deferred => SSSD 1.1
Fixed by 80bf7e6
fixedin: => 1.0.0 milestone: SSSD 1.1 => SSSD 1.0 resolution: => fixed status: new => closed
rhbz: => 0
Metadata Update from @sejeff: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1264
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.