Allow LDAP users that are not visible to pam_unix (bsc#1256791)#11433
Open
nadvornik wants to merge 1 commit intouyuni-project:masterfrom
Open
Allow LDAP users that are not visible to pam_unix (bsc#1256791)#11433nadvornik wants to merge 1 commit intouyuni-project:masterfrom
nadvornik wants to merge 1 commit intouyuni-project:masterfrom
Conversation
aaannz
previously approved these changes
Feb 2, 2026
rjmateus
approved these changes
Feb 3, 2026
Contributor
|
@rjmateus btw. I was discussing with @nadvornik if it would be feasible to completely remove pam_unix and pam_localuser and keep only pam_sss in account. Do you have any insight here? |
Member
|
@aaannz I think we added to allow authentication with machine local users. I think it would also allow users to log in to the machine using LDAP. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR change?
This PR modifies pam.d/susemanager-account to not fail on users that are unknown to pam_unix.
The users can be configured in LDAP as Uyuni-only users, they do not have to be visible to the OS via pam_unix.
[success=ok new_authtok_reqd=ok ignore=ignore user_unknown=ignore default=die]is the same asrequisite, except foruser_unknown=ignoreCodespace
Check if you already have a running container clicking on
GUI diff
No difference.
Documentation
No documentation needed: bugfix
DONE
Test coverage
ℹ️ If a major new functionality is added, it is strongly recommended that tests for the new functionality are added to the Cucumber test suite
No tests: add explanation
DONE
Links
Issue(s): https://github.com/SUSE/spacewalk/issues/29438
https://bugzilla.suse.com/show_bug.cgi?id=1256791
Port(s): # add downstream PR(s), if any
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:
Before you merge
Check How to branch and merge properly!