You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because we use sssd to authenticate against AD and because AD allows groups with spaces in the name, in our environment we have to configure pam to use "listsep=," for "pam_access.so" entries in
fingerprint-auth-ac
password-auth-ac
smartcard-auth-ac
system-auth-ac
For example:
account required pam_access.so listsep=,
And then in access.conf, we configure the list of locations separated with commas:
For example:
: (some adgroup): 1.2.3.4, 5.6.7.8, LOCAL
I've "worked around it" via brute force by customizing the templates in my own copy of your module such that it ONLY supports using "listsep=," however it would be great (and likely useful for others) if this module supported doing that properly.
The text was updated successfully, but these errors were encountered:
Because we use sssd to authenticate against AD and because AD allows groups with spaces in the name, in our environment we have to configure pam to use "listsep=," for "pam_access.so" entries in
fingerprint-auth-ac
password-auth-ac
smartcard-auth-ac
system-auth-ac
For example:
account required pam_access.so listsep=,
And then in access.conf, we configure the list of locations separated with commas:
For example:
I've "worked around it" via brute force by customizing the templates in my own copy of your module such that it ONLY supports using "listsep=," however it would be great (and likely useful for others) if this module supported doing that properly.
The text was updated successfully, but these errors were encountered: