Stephen Gallagher wrote: > On 04/21/2010 03:10 AM, Tomas Mraz wrote: >> On Wed, 2010-04-21 at 14:04 +1000, David O'Brien wrote: >>> Tomas Mraz wrote: >>>> On Thu, 2010-04-15 at 14:24 +1000, David O'Brien wrote: >>>>> I'm using the authconfig gui on rhel6 beta to set up SSSD, and I get the >>>>> following message: >>>>> >>>>> Authentication module /lib/security/pam_pkcs11.so is missing. >>>>> Authentication process might not work correctly. >>>>> >>>>> /var/log/sssd/sssd_pam.log is empty >>>>> /var/log/messages has nothing significant >>>>> >>>>> The sssd service is running, but I don't know what's going to work (or >>>>> not). >>>>> >>>>> Is there something else I need to install for this? >>>>> I'll provide more info if I get it. >>>> Please try newer authconfig packages. The current build in brew for >>>> RHEL-6 is authconfig-6.1.3-3.el6. >>>> https://brewweb.devel.redhat.com/buildinfo?buildID=130102 >>>> >>> Yes, I did that, and I now have a completely different GUI for >>> Authentication Configuration, which lacks any (visible) means of >>> configuring SSSD. >>> >>> Where should I go from here? >> The GUI automatically chooses to use the SSSD if the configured >> combination of user-id and authentication methods are supported by it. >> >> You can see whether SSSD is used if you find sss in /etc/nsswitch.conf >> instead of ldap in the passwd line. > > > As Tomas said, we have eliminated the need for the user of the > authconfig UI to know that SSSD is being used under the hood. The old UI > was much too confusing for SSSD (and required a level of knowledge equal > to or greater than editing the config file directly) > > Now, customers will be provided with SSSD silently if their > configuration supports it. > > The configurations that will trigger the use of SSSD are: > > User Account Database: LDAP > Authentication Method: LDAP or Kerberos > What happened to LOCAL/LOCAL?
There is an example in the current doc that explains how to set up a standalone, local SSSD domain, and I was in the process of using that to put together a procedure using the GUI. That's what led to the initial problem that started this thread. Maybe I need to rewind and start over... -- David O'Brien Red Hat Asia Pacific Pty Ltd He who asks is a fool for five minutes, but he who does not ask remains a fool forever." ~ Chinese proverb _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
