Hi all,
Since upgrading to Fedora 35 sssd+sudo+gssapi no longer works. In /etc/sssd/conf:
pam_gssapi_services = sudo, sudo-i
In /etc/pam.d/sudo:
#%PAM-1.0
auth sufficient pam_sss_gss.so
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
In /etc/pam.d/sudo-i:
#%PAM-1.0
auth sufficient pam_sss_gss.so
auth include sudo
account include sudo
password include sudo
session optional pam_keyinit.so force revoke
session include sudo
After adding debug to the pam_sss_gss.so module:
sudo -i
pam_sss_gss: sss_cli_getenv() call failed [2]: No such file or directory
pam_sss_gss: User not found
pam_sss_gss: sss_cli_getenv() call failed [2]: No such file or directory
pam_sss_gss: User not found
And it will ask for a password.
New bug introduced of something did change?
Hope someone can help!
Winfried
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
