[OpenAFS] How to replace pam_krb5 on RHEL 8 systems
Mon, 11 Jul 2022 09:43:48 -0400
>I wanted to mention that we are successfully doing ssh and gnome-shell
>logins with pam_sssd where sssd takes care of authN via kerberos and via
>ldap provides group information, and pam_afs_session to get afs tokens.
I guess _this_ is the part I'm confused about; why is pam_sss in there?
I know that other people do this so I'm sure there's a reason, but we
never found it necessary. We do use sssd, but only via nsswitch;
we control per-host access with ldap-based netgroups.