Monday, May 26, 2025

[389-users] Re: How are you using the PAM PTA plugin? Survey

> On 20 May 2025, at 20:09, Mark Reynolds via 389-users <389-users@lists.fedoraproject.org> wrote:
>
> Hi Everyone,
>
> We are curious how everyone is using the PAM PTA plugin. There are basically two ways to configure the plugin, and they somewhat conflict with one another. Previous to 2012 you could only configure the plugin through the main plugin entry under cn=config:
>
> cn=PAM Pass Through Auth,cn=plugins,cn=config
>
> But after 2012 we added "config" child entries under the main plugin entry:
>
> cn=config, cn=PAM Pass Through Auth,cn=plugins,cn=config
>
> For backwards compatibility we still allowed users to use the main plugin entry although the child entry approach is what we wanted to use moving forward. So we've had this dual configuration approach and the CLI/UI weren't handling both correctly. Anyway we'd like to make this consistent and only allow the child entry config, but we'd like to know how everyone is using the PAM PTA plugin. Are you using the main config entry, or are you using the child entry approach?
>
> Thanks in advance for sharing your input!
>

From the SUSE perspective, we encourage people to use the config child entries, both in our migration tooling from openldap -> 389-ds, but also from the dsconf utility as the prefered method to update these configs.

I think there could be an easy migration path by lifting the cn=PAM Pass Through Auth main config into a "cn=<uuid>,cn=config,cn=PAM pta,..." entry.



--
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia

--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)