info-sssd and pam authentication

We discovered that the info-sssd plugin doesn’t play nicely when the pam auth plugin is used. This is because info-sssd relies on mod_lookup_identity in Apache to look up the authenticated REMOTE_USER and retrieve the attributes. The pam auth plugin authenticates directly from within Ipsilon, so mod_lookup_identity never gets invoked and no attributes are generated.

The solution is to disable the pam auth plugin and use the form plugin instead.
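
A sketch of the Apache side of a form-based setup, added here as an illustration and not taken from Ipsilon's shipped configuration. It assumes the form plugin leaves the password check to mod_intercept_form_submit; the `/idp` paths, form field names, PAM service name and `REMOTE_USER_*` variable names are also assumptions.

```apache
# Added example: paths, field names, the PAM service name and the
# REMOTE_USER_* variable names below are assumptions, not Ipsilon defaults.
LoadModule authnz_pam_module            modules/mod_authnz_pam.so
LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so
LoadModule lookup_identity_module       modules/mod_lookup_identity.so

# Form login: Apache intercepts the login POST, checks the submitted
# credentials through PAM and sets REMOTE_USER before the request
# reaches the application.
<Location /idp/login/form>
    InterceptFormPAMService ipsilon
    InterceptFormLogin      login_name
    InterceptFormPassword   login_password
</Location>

# REMOTE_USER was set inside Apache, so mod_lookup_identity runs for the
# request and asks SSSD for that user's attributes. The info-sssd plugin
# then reads them from the request environment.
<Location /idp>
    LookupOutput         Env
    LookupUserAttr       mail      REMOTE_USER_EMAIL
    LookupUserAttr       givenname REMOTE_USER_FIRSTNAME
    LookupUserAttr       sn        REMOTE_USER_LASTNAME
    LookupUserGroupsIter REMOTE_USER_GROUP
</Location>

# With the pam auth plugin the password check happens inside Ipsilon,
# after Apache has already processed the request without a REMOTE_USER,
# so the Lookup* directives above produce no attributes.
```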

We are going to solve this more gently in the future by providing “login stacks”: basically a set of known working stacks that can be applied to a given SP as avenues for authentication and info retrieval. We’re not quite there yet.

