Merge pull request #3696 from flatcar/tormath1/pam-sssd

package.use: re-enable sssd for pambase
This commit is contained in:
Mathieu Tortuyaux 2026-02-13 09:52:27 +01:00 committed by GitHub
commit d79e5424e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 25 additions and 9 deletions


@ -0,0 +1 @@
- Enabled back PAM sssd support for LDAP authentication ([scripts#3696](https://github.com/flatcar/scripts/pull/3696))


@ -1,4 +1,4 @@
From 3eb1fea6104cd4bbc978e11974f337549edaf2e4 Mon Sep 17 00:00:00 2001
From 7dce3aef1c67e5884aa7962c5c34a51d9760bd13 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Thu, 9 Oct 2025 17:32:38 +0200
Subject: [PATCH 1/2] Reorganize the login sessions
@ -163,5 +163,5 @@ index 150061f..690396f 100644
{% if sssd %}
--
2.51.0
2.52.0


@ -1,14 +1,14 @@
From 55c811bb55334a9c5ba19e5c7ec61a9ede365a37 Mon Sep 17 00:00:00 2001
From 41efbef049829f738d1e6ad172f4b1a8bc6a6e6d Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Fri, 10 Oct 2025 11:47:43 +0200
Subject: [PATCH 2/2] Flatcar modifications
---
templates/system-auth.tpl | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
templates/system-auth.tpl | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 905d04f..c78f9d6 100644
index 905d04f..b211abb 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -9,11 +9,15 @@ auth [default={{ 3 + homed + (sssd * 3) }}] pam_permit.so
@ -30,7 +30,22 @@ index 905d04f..c78f9d6 100644
{% if homed %}
auth [success=2 default=ignore] pam_systemd_home.so
@@ -45,9 +49,13 @@ account [success={{ 2 if sssd else 1 }} default=ignore] pam_systemd_home.so
@@ -21,13 +25,11 @@ auth [success=2 default=ignore] pam_systemd_home.so
{% if sssd %}
auth sufficient pam_unix.so {{ nullok }} {{ debug }}
+auth sufficient pam_sss.so forward_pass {{ debug }}
{% else %}
auth [success=1 new_authtok_reqd=1 ignore=ignore default=bad] pam_unix.so {{ nullok }} {{ debug }} try_first_pass
{% endif %}
auth [default=die] pam_faillock.so authfail
-{% if sssd %}
-auth sufficient pam_sss.so forward_pass {{ debug }}
-{% endif %}
{% if caps %}
auth optional pam_cap.so
{% endif %}
@@ -45,9 +47,13 @@ account [success={{ 2 if sssd else 1 }} default=ignore] pam_systemd_home.so
account required pam_unix.so {{ debug }}
account required pam_faillock.so
{% if sssd %}
@ -48,5 +63,5 @@ index 905d04f..c78f9d6 100644
{% endif %}
--
2.51.0
2.52.0
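Review bot: The relocated `auth sufficient pam_sss.so forward_pass {{ debug }}` in the `@@ -21,13 +25,11 @@` hunk now sits between the sufficient pam_unix.so line and `auth [default=die] pam_faillock.so authfail`, so an LDAP user whose local lookup fails is no longer stopped by faillock before pam_sss.so is consulted; that is the substance of the fix and reads correctly. What the patch does not revisit is the skip count `auth [default={{ 3 + homed + (sssd * 3) }}] pam_permit.so`, visible only in the `@@ -9,11 +9,15 @@` hunk header: that expression appears to count module lines in the sssd-conditional part of the stack, and since this hunk changes which sssd lines exist and where, it is worth confirming the jump still lands on the intended line with sssd on and off. A one-line comment above the moved line, `# keep before pam_faillock authfail: its [default=die] would end the stack before pam_sss is tried`, would stop a later reorganisation from reintroducing the original ordering. The pam_sss.so line carries no `use_first_pass`/`try_first_pass`, so whether the password already entered for pam_unix.so is reused rather than prompted for again depends on pam_sss's default authtok handling and should be checked with a failing local password. The template continues outside this hunk, and because the section is a diff of a patch file, the old/new sides of the outer change are partly inferred.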


@ -193,7 +193,7 @@ sys-apps/gawk -mpfr
# We never had passwdqc stuff in old pam sys configs, so disable it
# for now. Maybe this is something to enable later.
sys-auth/pambase securetty -passwdqc
sys-auth/pambase securetty -passwdqc sssd
# We run the server in a container.
dev-db/etcd -server
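Review bot: The `sssd` flag added in `sys-auth/pambase securetty -passwdqc sssd` has no comment of its own, while the comment directly above explains only `-passwdqc`, so a reader will not know why sssd is enabled here or that it goes together with the pam_sss.so ordering fix carried in the pambase patches. Suggest `# Enable sssd so pam_sss.so is wired into system-auth for LDAP authentication (scripts#3696).` immediately above the line. Turning the flag on makes the generated PAM stack reference pam_sss.so, so it presumably relies on the package that ships that module being present in the image; confirm the build cannot produce the template without it.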