zhaow-de / pam-keycloak-oidc

PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support
MIT License

Auth Fails when Local User is not present #7

Open paolo-ziosting opened 1 year ago

paolo-ziosting commented 1 year ago

I am trying to use this PAM module to authenticate when connecting through SSH.
I have followed every step of the tutorial, and step 8, where the module is tested locally, is successful :)!
I have added the following line to my /etc/pam.d/sshd file:

@include radiusd

However, I have found that if a local user does not exist with the same name as my Keycloak user, then the login attempts fail with the following message in /var/log/pam-keycloak-oidc.log:

 oauth2: cannot fetch token: 401 Unauthorized. Response: {"error":"invalid_grant","error_description":"Invalid user credentials"}

If I create a local user with the same name as my Keycloak user (and a different/no password), the login attempt is successful and I instead see this line in /var/log/pam-keycloak-oidc.log:

Authentication succeeded
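A preflight check for the situation described in this report, added here as an example; it is not code from pam-keycloak-oidc or from the issue. OpenSSH resolves the login name through NSS (getpwnam) before it will complete a login, whatever the PAM stack answers, so a username that exists only in Keycloak must also be backed by a local account or one supplied through NSS (SSSD, LDAP, etc.). The script assumes the tutorial's wiring (service file /etc/pam.d/sshd pulling the module in with `@include radiusd`); both the file and the include name are parameters, and the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not part of pam-keycloak-oidc. Checks the two preconditions
# behind the symptom in this issue: the sshd PAM stack must include the
# module, and the login name must resolve to an account through NSS.

# 0 if NAME resolves to an account via NSS (/etc/passwd, SSSD, LDAP, ...).
local_account_exists() {
    id -u "$1" >/dev/null 2>&1
}

# 0 if PAM service file FILE ($1) contains an active "@include NAME" ($2)
# line; commented-out lines and other includes do not count.
pam_service_includes() {
    grep -Eq '^[[:space:]]*@include[[:space:]]+'"$2"'([[:space:]]|$)' "$1" 2>/dev/null
}

# Diagnose USER against PAM service file FILE (default /etc/pam.d/sshd) and
# include NAME (default radiusd, as in the report). Exit status:
#   0  account present and module wired in
#   1  no local account for USER (the case in this issue)
#   2  FILE does not pull in NAME, so the module never runs for sshd
diagnose_ssh_user() {
    user=$1
    file=${2:-/etc/pam.d/sshd}
    include=${3:-radiusd}
    if ! pam_service_includes "$file" "$include"; then
        echo "$file has no '@include $include': the Keycloak module is not in the sshd stack"
        return 2
    fi
    if ! local_account_exists "$user"; then
        echo "no local account '$user': sshd rejects the login regardless of what Keycloak answers"
        return 1
    fi
    echo "'$user' resolves locally and $file includes $include"
    return 0
}

# Usage: sh preflight.sh USER [PAM_FILE] [INCLUDE]
if [ "$#" -gt 0 ]; then
    diagnose_ssh_user "$@"
fi
```

Run it on the SSH host with the Keycloak username (`sh preflight.sh alice`); a status of 1 is exactly the failing case in this thread, and creating the account (or provisioning it through NSS) is what turns it into the succeeding one.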

hathai25 commented 1 year ago

@paolo-ziosting have you resolved that? I'm encountering the same issue