torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

kanidm-client: use short names instead of SPN format
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m0s
Details

Browse Source 
Configure uid_attr_map and gid_attr_map to "name" to return short
usernames (torjus) instead of SPN format (torjus@home.2rjus.net).
This fixes "PAM user mismatch" errors with SSH authentication.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-08 14:22:31 +01:00
parent 74cdfae596
commit ad144bb574
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
system/kanidm-client.nix
View File

@@ -30,6 +30,10 @@ in
unixSettings = { unixSettings = {
pam_allowed_login_groups = cfg.allowedLoginGroups; pam_allowed_login_groups = cfg.allowedLoginGroups;
# Use short names (torjus) instead of SPN format (torjus@home.2rjus.net)
# This prevents "PAM user mismatch" errors with SSH
uid_attr_map = "name";
gid_attr_map = "name";
}; };
}; };
}; };