authselect/SOURCES/0017-sssd-add-support-for-l...


From 088a2b92742cab5e1d8f71452c2ae0c0f183a6fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 8 Oct 2018 12:34:09 +0200
Subject: [PATCH 1/2] sssd: add support for local users authentication via
smart card
Resolves:
https://github.com/pbrezina/authselect/issues/23
---
profiles/sssd/system-auth | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
index 02922b16903372598052e36f3713ca5c3f4c8418..a3d351cd5c37fb065892a0b71ec5323fd13a957d 100644
--- a/profiles/sssd/system-auth
+++ b/profiles/sssd/system-auth
@@ -3,7 +3,9 @@ auth required pam_faildelay.so delay=
auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
auth sufficient pam_fprintd.so {include if "with-fingerprint"}
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
-auth [default=1 ignore=ignore success=ok] pam_localuser.so
+auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
+auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
+auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
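Review bot: On the added `pam_sss.so try_cert_auth` line, `default=die` ends the auth stack for every result other than success, `authinfo_unavail` and `ignore`, so a local account that SSSD does not know would never reach `pam_unix.so` if pam_sss answers with user_unknown (plausible for accounts that exist only in /etc/passwd, but confirm against pam_sss behaviour). The `uid >= 1000` check above still uses `default=1`, which with "with-smartcard" skips only the new `pam_localuser.so` line, so accounts below uid 1000, root included, also land on this module and share the lockout risk. Consider `auth [success=done authinfo_unavail=ignore user_unknown=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}`. Before shipping, verify that password login still works for a local-only account and for root with the feature enabled and no card inserted.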
--
2.17.1