1.2. Choosing an authselect profile
As a system administrator, you can select a profile for the authselect utility for a specific host. The profile will be applied to every user logging into the host.
Conditions préalables
-
You need
rootcredentials to runauthselectcommands
Procédure
Select the
authselectprofile that is appropriate for your authentication provider. For example, for logging into the network of a company that uses LDAP, choosesssd.# authselect select
sssd(Optional) You can modify the default profile settings by adding the following options to the
authselect select sssdorauthselect select winbindcommand, for example:-
with-faillock -
with-smartcard -
with-fingerprint
-
To see the full list of available options, see Converting your scripts from authconfig to authselect
or the authselect-migration(7) man page.
Make sure that the configuration files that are relevant for your profile are configured properly before finishing the authselect select procedure. For example, if the sssd daemon is not configured correctly and active, running authselect select results in only local users being able to authenticate, using pam_unix.
Étapes de la vérification
Verify
sssentries for SSSD are present in/etc/nsswitch.conf:passwd: sss files group: sss files netgroup: sss files automount: sss files services: sss files ...
Review the contents of the
/etc/pam.d/system-authfile forpam_sss.soentries:# Generated by authselect on Tue Sep 11 22:59:06 2018 # Do not modify this file manually. auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet auth [default=1 ignore=ignore success=ok] pam_localuser.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so forward_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so ...
