Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
GCE OSLogin module: init #51566
Motivation for this change
so far, logging in using the snakeoil ssh keys works, but there is some pam weirdness going on:
I guess, that's the reason fro why
This was referenced
Dec 6, 2018
referenced this pull request
Dec 11, 2018
@flokli I think it should be like that for all module not just sssd.
Even this part
it should not be sufficient. I would suggest removing the
Reading up on https://wiki.debian.org/LDAP/PAM, it seems this should at least work if all these 'external' pam modules provide an nss module, too. There are other examples on what can/should be done instead - but it seems to be very a combinatory hell.
Maybe we should limit the pam module to only allow one external pam module (sssd/ldap/oslogin/kerberos) to be active, and check configuration for them?