system: fix kanidm PAM user mismatch
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m1s

Configure uid_attr_map and gid_attr_map to use short names instead of
SPN format. This fixes SSH failing with "PAM user mismatch" because
getent returned "torjus@home.2rjus.net" instead of "torjus".

Also add user-management documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 13:55:11 +01:00
parent 189cfc890c
commit bab59665fd
2 changed files with 167 additions and 0 deletions

@@ -30,6 +30,9 @@ in
unixSettings = {
pam_allowed_login_groups = cfg.allowedLoginGroups;
# Use short names (e.g., "torjus") instead of SPN (e.g., "torjus@home.2rjus.net")
uid_attr_map = "name";
gid_attr_map = "name";
};
};
};
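
Review bot: The comment above `uid_attr_map = "name";` only covers user names, but `gid_attr_map = "name";` on the next line changes how groups resolve as well, so the comment should say that both users and groups now appear under their short names. Two things are worth confirming before merge. First, that the entries passed through `pam_allowed_login_groups = cfg.allowedLoginGroups;` are written in a form that still matches once groups are no longer reported as SPNs. Second, that the documentation added in this commit says how a short name that clashes with a local account or group on the host is meant to be handled, since dropping the domain suffix puts directory names and local names in the same namespace. If some hosts need to keep the SPN form, exposing the two map values as module options with "name" as the default would avoid hardcoding them here.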