sssd with files and krb5

Posted on

I had this setup working fine under RHEL 7.1 across all services, but out of the box on 7.2 it doesn't seem to work at all for console or SSH login. Any thoughts on what changed?

[sssd]
config_file_version = 2
services = nss, pam
domains = PROXY_KRB5

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/PROXY_KRB5]
cache_credentials = true

id_provider = proxy
proxy_lib_name = files
auth_provider = krb5
chpass_provider = krb5

krb5_server = my.server
krb5_realm = MY.REALM
krb5_store_password_if_offline = true

system-auth-ac is generated by authconfig:

auth        required      pam_env.so
auth        [default=1 success=ok] pam_localuser.so
auth        [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass
auth        required      pam_deny.so

Responses