For configurations where the pam_sss.so module is used in more complex PAM configurations (i.e. pam_unix + pam_sss + pam_some_mfa), the required, requisite, sufficient, substack, and optional control flags may not provide sufficient logic, so the use of the [...] syntax is needed to implement some configurations.
Incorporating the return codes used into the pam_sss man files, similarly as is done with the pam_securetty module, and identifying the contexts to use them in would be very helpful when these configuration needs arise.
Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0
to comment on this ticket.
Copyright © 2014-2018 Red Hat
4.0.3 — Documentation