[SLES] common-*-pc files get always re-created

[v4ld3r5]

Hi, We are using this module together with ghoneycutt/pam and it works fine, but it keeps constantly changing the common-*-pc files. It's annoying cause happens on every puppet agent run. It always applies the same changes.

Looks like it's just after:

Notice: /Stage[main]/Sssd/Exec[pam-config -a --sss]/returns: executed successfully
Notice: /Stage[main]/Pam/File[pam_common_auth_pc]/content:

I will have a look tomorrow at the code and see if I can help troubleshooting. Best regards,

[ghoneycutt]

Thanks @v4ld3r5

What platform(s) do you see this on?

Are you using the latest version of this module?

What version of Puppet are you using?

[v4ld3r5]

Hi, It is happening on SLES11 and 12. Yep we are using version 2.3.0, and for Puppet we are on version 5:

$ puppet --version
5.3.2
$ puppetserver --version
puppetserver version: 5.1.3

Best regards

[ghoneycutt]

Perhaps you have pam configured to not have the session lines that sssd is looking for

https://github.com/sgnl05/sgnl05-sssd/blob/master/manifests/init.pp#L203-L205

[v4ld3r5]

Hi, Sorry for the delay, I've verified and the issue is on our end. Didn't notice until know that we were using a deprecated option:

# /usr/sbin/pam-config -q --sss | grep session:
Unknown option for pam_sss.so, ignored: 'pam_verbosity'

In the past we were managing the pam configs as regular file resources and the issue never popped up until now. Plus another issue is we weren't setting up "pam_sss" at session level.

Now it works as expected. I will close this. Thanks for the help