PAM authentication in container (#2935)

* PAM authentication in container --------- Co-authored-by: Karl Eichwalder <[email protected]> Co-authored-by: Ornela Marić <[email protected]>
uyuni-project · Apr 17, 2024 · d883771 · d883771
1 parent 0b4a3d0
commit d883771
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,4 @@
+- Added PAM Authentication in Uyuni Container to Administration Guide
 - Remove visualization feature
 - Document channel synchronization options in Administration Guide
 - Added new workflow describing updating of clients using recurring actions

diff --git a/modules/administration/pages/auth-methods-pam.adoc b/modules/administration/pages/auth-methods-pam.adoc
@@ -1,44 +1,32 @@
 [[auth-methods-pam]]
 = Authentication With PAM
 
-{productname} supports network-based authentication systems using pluggable authentication modules (PAM).
+{productname} supports network-based authentication systems using pluggable authentication modules (PAM) using SSSD.
 PAM is a suite of libraries that allows you to integrate {productname} with a centralized authentication mechanism, eliminating the need to remember multiple passwords.
-{productname} supports LDAP, Kerberos, and other network-based authentication systems using PAM.
+{productname} supports LDAP, Kerberos, and other network-based authentication.
 
 
 
-.Procedure: Enabling PAM
-. Create a PAM service file at [path]``/etc/pam.d/susemanager``.
-  Filename must be in lower case and readable by ``tomcat`` user.
-  This file is used by {productname} to load the correct PAM configuration files:
+.Procedure: Configure SSSD
+. In the {productname} {webui}, navigate to menu:Users[Create User] and enable a new or existing user to authenticate with PAM.
+. Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.
+  It is below the password and password confirmation fields.
+. Configure SSSD in the container. Connect inside the container using:
 +
 ----
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  include        common-session
+mgrctl term
 ----
-. On the {productname} Server, at the command prompt, as root, add the ``sss`` PAM module:
+Then change the file
 +
 ----
-pam-config -a --sss
+/etc/sssd/sssd.conf
 ----
-+
-This command adds the module to the ``/etc/pam.d/common-auth`` configuration file.
-We do not recommend editing this file directly.
-. Enforce the use of the service file by adding this line to [path]``/etc/rhn/rhn.conf``:
+. Restart {productname} using:
 +
 ----
-pam_auth_service = susemanager
+mgradm restart
 ----
-+
-In this example, the PAM service file is called [systemitem]``susemanager``.
-+
-. Restart the {productname} services after a configuration change.
-. In the {productname} {webui}, navigate to menu:Users[Create User] and enable a new or existing user to authenticate with PAM.
-. Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.
-  It is below the password and password confirmation fields.
+
 
 
 [IMPORTANT]
@@ -50,10 +38,6 @@ Use the password change mechanism of your network service to change the password
 ====
 
 
-To configure system-wide authentication you can use YaST.
-You need to install the [package]``yast2-auth-client`` package.
-
-
 For more information about configuring PAM, the SUSE Linux Enterprise Server Security Guide contains a generic example that also works for other network-based authentication methods.
 It also describes how to configure an active directory service.
 For more information, see {sles-base-os-documentation}/part-auth.html.