In my particular case, I have an issue with authentication because we use pam_listfile in conjunction with pam_sss. This made me notice this problem (GDM couldn't start).
For most users, the only consequence will be the error in the logs, that's correct. I wonder what would happen if the same username is used for a systemd dynamic user and a LDAP user though. Fixing pam_localuser is maybe the best. pam_sss could also be changed to ignore local users without depending on pam_localuser (using something similar to getent --service systemd). An other alternative would be to add an other PAM module (e.g. create a pam_systemduser). > changing the return value in pam_localuser to PAM_USER_UNKNOWN should do the trick Isn't the username still passed down to pam_sss if pam_localuser returns PAM_USER_UNKNOWN ? How would pam_sss reacts in this case ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2151186 Title: pam-configs/sss (pam_localuser.so) does not allow systemd dynamic users like gdm-greeter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2151186/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
