From 5d3427ef40d2f10a4e09a6854b473cf3d2ca94e8 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mar 08 2017 10:39:05 +0000 Subject: Enable SSSD authentication also for local users New SSSD version of pam_sss.so will check if there is already a password available and if so it tryies to authenticate with it without breaking two factor authentication support. Thus we can relay condition for pam_unix. More information: https://pagure.io/SSSD/sssd/issue/2984 --- diff --git a/authconfig.spec.in b/authconfig.spec.in index 8cca24b..87425bf 100644 --- a/authconfig.spec.in +++ b/authconfig.spec.in @@ -10,7 +10,7 @@ Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2 Requires: pam >= 0.99.10.0, python3, libpwquality > 0.9 Requires: python3-sssdconfig Conflicts: pam_krb5 < 1.49, samba-common < 3.0, samba-client < 3.0 -Conflicts: nss_ldap < 254, sssd < 0.99.1 +Conflicts: nss_ldap < 254, sssd < 1.15.1 Conflicts: freeipa-client < 2.2.0, ipa-client < 2.2.0 BuildRequires: glib2-devel BuildRequires: python3-devel diff --git a/authinfo.py b/authinfo.py index 071514d..3700f79 100644 --- a/authinfo.py +++ b/authinfo.py @@ -3586,7 +3586,7 @@ class AuthInfo: # do not continue to following modules if authentication fails if name == "unix" and stack == "auth" and (self.enableSSSDAuth or self.implicitSSSDAuth) and (not self.enableNIS): - logic = LOGIC_FORCE_PKCS11 # make it or break it logic + logic = LOGIC_SUFFICIENT # use oddjob_mkhomedir if available if name == "mkhomedir" and os.access("%s/pam_%s.so" % (AUTH_MODULE_DIR, "oddjob_mkhomedir"), os.X_OK):