Linux authentication without existing user account

I’ve successfully set up privacyIDEA on CentOS with ldapresolver. I configured PAM on a separate CentOS client, and it can successfully authenticate to privacyIDEA as long as there is a corresponding username on the local system.

I’ve set up Linux boxes with LDAP authentication in the past and, using authconfig to modify the nsswitch.conf file, was able to log in with LDAP credentials and no corresponding user account on the system. I’m trying to do the same with privacyIDEA. However, while authconfig has switches to enable other authentication methods like LDAP, I don’t know of a way to modify it so it will act the same when privacyIDEA authenticates.

privacyIDEA only acts for the PAM scope auth. You need to configure the scope account independently of this.

Ahhhh, so I use privacyIDEA for auth, then direct to LDAP for account. Gotcha, that worked, thanks!!

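The split described in the thread (privacyIDEA in the PAM `auth` stack, account lookup configured separately), as an added example that is not part of the original posts: a small Python check that reads a PAM service file and nsswitch.conf and reports why a directory-only user could not log in. The sample files are constructed; the module path, the URL, and the use of `pam_ldap.so` and the `ldap` NSS source are assumptions.

```python
import re

# Constructed sample inputs; module path, URL and the LDAP modules are assumptions.
PAM_SERVICE = """\
# /etc/pam.d/sshd (constructed)
auth     requisite  pam_python.so /path/to/privacyidea_pam.py url=https://pi.example.test
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
account  required   pam_unix.so
"""
NSS_LOCAL_ONLY = "passwd: files\ngroup: files\n"
NSS_WITH_LDAP = "passwd: files ldap\ngroup: files ldap\n"

def pam_stack(text):
    """Return {type: [(module, args), ...]} for a PAM service file."""
    stack = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # type, control (simple word or [bracketed actions]), module, arguments
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            ptype, _control, module, args = m.groups()
            stack.setdefault(ptype, []).append((module, args))
    return stack

def nss_sources(text, database):
    """Return lookup sources for one nsswitch.conf database, ignoring [action] items."""
    for line in text.splitlines():
        name, _, rest = line.split("#", 1)[0].partition(":")
        if name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def findings(pam_text, nss_text):
    """List reasons a user with no local account could not log in."""
    out, stack = [], pam_stack(pam_text)
    if not any("privacyidea" in f"{m} {a}" for m, a in stack.get("auth", [])):
        out.append("auth: no privacyIDEA module in the auth stack")
    if not stack.get("account"):
        out.append("account: no account modules configured")
    # PAM auth can succeed while the user still does not exist for the system.
    if set(nss_sources(nss_text, "passwd")) <= {"files", "compat"}:
        out.append("nss: passwd resolves local files only")
    return out
```

On a real host, `getent passwd <user>` shows the same thing the `nss` finding checks: whether the account resolves without a local entry.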