ghoneycutt
commented
7 years ago You can specify these by using your own *_auth_lines parameters.
The module does not support smartcard and fingerprint, though I'm guessing those are really just symlinked to something else like system-auth.
What platform are you on? Can you confirm if the files above are symlinks or have the same content as system-auth or another -auth-ac file?
Because we use sssd to authenticate against AD and because AD allows groups with spaces in the name, in our environment we have to configure pam to use "listsep=," for "pam_access.so" entries in fingerprint-auth-ac password-auth-ac smartcard-auth-ac system-auth-ac
For example: account required pam_access.so listsep=,
And then in access.conf, we configure the list of locations separated with commas: For example:
I've "worked around it" via brute force by customizing the templates in my own copy of your module such that it ONLY supports using "listsep=," however it would be great (and likely useful for others) if this module supported doing that properly.