10.3. Restricting domains for a PAM service
This procedure shows how to restrict the domains against which a PAM service can authenticate.
Prerequisites
- SSSD installed and running.
Procedure
Configure SSSD to access the required domain or domains. Define the domains against which SSSD can authenticate in the domains option in the /etc/sssd/sssd.conf file:

    [sssd]
    domains = domain1, domain2, domain3

Specify the domain or domains to which a PAM service can authenticate by setting the domains option in the PAM configuration file. For example:

    auth sufficient pam_sss.so forward_pass domains=domain1
    account [default=bad success=ok user_unknown=ignore] pam_sss.so
    password sufficient pam_sss.so use_authtok

In this example, you allow the PAM service to authenticate against domain1 only.
Verification steps
- Authenticate against domain1. It must be successful.
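
The following is an added example, not part of the original documentation: a Python check that the domains= list on a service's pam_sss.so auth line names only domains enabled in the [sssd] section, and that flags a pam_sss.so auth line carrying no domains= option. The file contents are constructed from the values used in the procedure, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample inputs mirroring the procedure above (not read from disk).
SSSD_CONF = """\
[sssd]
domains = domain1, domain2, domain3
"""

PAM_SERVICE = """\
auth     sufficient   pam_sss.so forward_pass domains=domain1
account  [default=bad success=ok user_unknown=ignore] pam_sss.so
password sufficient   pam_sss.so use_authtok
"""

# PAM rule layout: type, control (single word or [bracketed]), module, arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def sssd_domains(conf_text):
    """Return the set of domains enabled in the [sssd] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "domains", fallback="")
    return {d.strip() for d in raw.split(",") if d.strip()}

def pam_sss_auth_domains(pam_text):
    """Yield (line_no, domains or None) for each 'auth' rule that uses pam_sss.so."""
    for no, line in enumerate(pam_text.splitlines(), 1):
        m = PAM_LINE.match(line.split("#", 1)[0].strip())
        if not m or m.group(1) != "auth" or not m.group(3).endswith("pam_sss.so"):
            continue
        doms = None  # None means the rule has no domains= argument
        for arg in m.group(4).split():
            if arg.startswith("domains="):
                doms = {d for d in arg[len("domains="):].split(",") if d}
        yield no, doms

def audit(conf_text, pam_text):
    """Return a list of findings; an empty list means the restriction is consistent."""
    enabled, findings = sssd_domains(conf_text), []
    for no, doms in pam_sss_auth_domains(pam_text):
        if doms is None:
            findings.append(f"line {no}: no domains= option, service is not restricted")
        elif doms - enabled:
            findings.append(f"line {no}: not in sssd.conf: {sorted(doms - enabled)}")
    return findings

if __name__ == "__main__":
    print(audit(SSSD_CONF, PAM_SERVICE) or "pam_sss domain restriction is consistent")
```

To check a real host, pass the contents of /etc/sssd/sssd.conf and of the service's PAM configuration file to audit() in place of the constructed strings.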