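PAM_SSS_GSS(8)                SSSD Manual pages                PAM_SSS_GSS(8)

NAME
    pam_sss_gss - PAM module for SSSD GSSAPI authentication

SYNOPSIS
    pam_sss_gss.so [debug]

DESCRIPTION
    pam_sss_gss.so authenticates the user over GSSAPI in cooperation with SSSD.

    This module tries to authenticate the user using the GSSAPI host-based service name host@hostname, which translates to the Kerberos principal host/hostname@REALM. The REALM part of the principal name is derived by Kerberos internal mechanisms, and it can be set explicitly in the [domain_realm] section of /etc/krb5.conf.

    SSSD is used to provide the desired service name and to validate the user's credentials using GSSAPI calls. If the service ticket is already present in the Kerberos credentials cache, or if the user's ticket granting ticket can be used to get the correct service ticket, then the user will be authenticated.

    If pam_gssapi_check_upn is True (the default), SSSD requires that the credentials used to obtain the service ticket can be associated with the user. This means that the principal that owns the Kerberos credentials must match the user principal name as defined in LDAP.

    To enable GSSAPI authentication in SSSD, set the pam_gssapi_services option in the [pam] or domain section of sssd.conf. The service credentials need to be stored in SSSD's keytab (it is already present if you use the ipa or ad provider). The keytab location can be set with the krb5_keytab option. See sssd.conf(5) and sssd-krb5(5) for more details on these options.

    Some Kerberos deployments allow authentication indicators to be associated with the particular pre-authentication method that the user used to obtain the ticket granting ticket. pam_sss_gss.so can enforce the presence of authentication indicators in the service ticket before a particular PAM service can be accessed.

    If pam_gssapi_indicators_map is set in the [pam] or domain section of sssd.conf, SSSD checks the service ticket for the presence of any of the configured indicators.

OPTIONS
    debug
        Print debugging information.

MODULE TYPES PROVIDED
    Only the auth module type is provided.

RETURN VALUES
    PAM_SUCCESS
        The PAM operation finished successfully.

    PAM_USER_UNKNOWN
        The user is not known to the authentication service, or GSSAPI authentication is not supported.

    PAM_AUTH_ERR
        Authentication failure.

    PAM_AUTHINFO_UNAVAIL
        Unable to access the authentication information. This might be due to a network or hardware failure.

    PAM_SYSTEM_ERR
        A system error occurred. The SSSD log files may contain additional information about the error.

EXAMPLES
    The main use case is to provide password-less authentication in sudo without the need to disable authentication completely. To achieve this, first enable GSSAPI authentication for sudo in sssd.conf:

        [domain/MYDOMAIN]
        pam_gssapi_services = sudo, sudo-i

    Then enable the module in the desired PAM stack (for example /etc/pam.d/sudo and /etc/pam.d/sudo-i).

        ...
        auth sufficient pam_sss_gss.so
        ...

TROUBLESHOOTING
    The SSSD logs, the pam_sss_gss debug output and syslog may contain helpful information about the error. Here are some common issues:

    1. I have the KRB5CCNAME environment variable set and the authentication does not work: Depending on your sudo version, it is possible that sudo does not pass this variable to the PAM environment. Try adding KRB5CCNAME to env_keep in /etc/sudoers or in your LDAP sudo rules default options.

    2. Authentication does not work and syslog contains "Server not found in Kerberos database": Kerberos is probably not able to resolve the correct realm for the service ticket based on the hostname. Try adding the hostname directly to [domain_realm] in /etc/krb5.conf, as in the example shown after this list.

    3. Authentication does not work and syslog contains "No Kerberos credentials available": You do not have any credentials that can be used to obtain the required service ticket. Use kinit or authenticate over SSSD to acquire those credentials.

    4. Authentication does not work and the SSSD sssd-pam log contains "User with UPN [$UPN] was not found." or "UPN [$UPN] does not match target user [$username].": You are using credentials that cannot be mapped to the user that is being authenticated. Try using kswitch to select a different principal, make sure you authenticated with SSSD, or consider disabling pam_gssapi_check_upn. With the check disabled, SSSD no longer requires the credentials to belong to the user being authenticated, so fix the principal mapping first where that is possible.

    Example for item 2:

        [domain_realm]
        .myhostname = MYREALM

SEE ALSO
    sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)

AUTHORS
    The SSSD upstream -- https://pagure.io/SSSD/sssd/

SSSD                              05/17/2024                    PAM_SSS_GSS(8)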