Bug 1195817
Summary: | Let SSSD prompt non-local users for passwords | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sumit Bose <sbose> | ||||||
Component: | authconfig | Assignee: | Tomas Mraz <tmraz> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 22 | CC: | jlieskov, spoore, tmraz | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | authconfig-6.2.10-6.fc22 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 1204864 (view as bug list) | Environment: | |||||||
Last Closed: | 2015-04-21 19:31:33 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1204864 | ||||||||
Attachments: |
|
Description
Sumit Bose
2015-02-24 16:16:45 UTC
I'd be happy to help here. Please tell me if you want me to provide a patch or if I shall test patches. Created attachment 1005470 [details]
Patch for authconfig 6.2.9
Created attachment 1005477 [details]
Patch for authconfig 6.2.10
Please find attached a patch which adds a new option --enableSSSDAuthPrompting which adds the pam_localuser line and changes the option of pam_sss to forward_pass in the auth section if SSSD authentication is enabled (explicit or implicit). Since with this approach no existing behavior is changed and the new behavior must be enabled explicitly (e.g. by ipa-client-install) I would like to ask you if you can consider to include the patch in the Fedora 22 version of authconfig. authconfig-6.2.10-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/authconfig-6.2.10-4.fc22 Package authconfig-6.2.10-5.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing authconfig-6.2.10-5.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-5.fc22 then log in and leave karma (feedback). Package authconfig-6.2.10-6.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing authconfig-6.2.10-6.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-6.fc22 then log in and leave karma (feedback). seems to be fixed: [root@fedora1 ~]# authconfig --disablesssdauth --update [root@fedora1 ~]# grep localuser /etc/pam.d/* /etc/pam.d/fingerprint-auth:account sufficient pam_localuser.so /etc/pam.d/fingerprint-auth-ac:account sufficient pam_localuser.so /etc/pam.d/password-auth:account sufficient pam_localuser.so /etc/pam.d/password-auth-ac:account sufficient pam_localuser.so /etc/pam.d/smartcard-auth:account sufficient pam_localuser.so /etc/pam.d/smartcard-auth-ac:account sufficient pam_localuser.so /etc/pam.d/system-auth:account sufficient pam_localuser.so /etc/pam.d/system-auth-ac:account sufficient pam_localuser.so [root@fedora1 ~]# authconfig --enablesssdauth --update [root@fedora1 ~]# grep localuser /etc/pam.d/* /etc/pam.d/fingerprint-auth:account sufficient pam_localuser.so /etc/pam.d/fingerprint-auth-ac:account sufficient pam_localuser.so /etc/pam.d/password-auth:auth [default=1 success=ok] pam_localuser.so /etc/pam.d/password-auth:account sufficient pam_localuser.so /etc/pam.d/password-auth-ac:auth [default=1 success=ok] pam_localuser.so /etc/pam.d/password-auth-ac:account sufficient pam_localuser.so /etc/pam.d/smartcard-auth:account sufficient pam_localuser.so /etc/pam.d/smartcard-auth-ac:account sufficient pam_localuser.so /etc/pam.d/system-auth:auth [default=1 success=ok] pam_localuser.so /etc/pam.d/system-auth:account sufficient pam_localuser.so /etc/pam.d/system-auth-ac:auth [default=1 success=ok] pam_localuser.so /etc/pam.d/system-auth-ac:account sufficient pam_localuser.so authconfig-6.2.10-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |