diff --git a/system/kanidm-client.nix b/system/kanidm-client.nix
index bae7956..7cc99a9 100644
--- a/system/kanidm-client.nix
+++ b/system/kanidm-client.nix
@@ -30,6 +30,10 @@ in
 
       unixSettings = {
         pam_allowed_login_groups = cfg.allowedLoginGroups;
+        # Use short names (torjus) instead of SPN format (torjus@home.2rjus.net)
+        # This prevents "PAM user mismatch" errors with SSH
+        uid_attr_map = "name";
+        gid_attr_map = "name";
       };
     };
   };