On the Resource, you need to configure trust for the Core and IdP web server certificate. To check that the certificate is trusted, run the command below; curl reports a certificate verification error if it is not:

$ curl https://pam.indeed-id.local

Open the /etc/pamsu.conf file in any editor with root privileges and specify the idp_url, api_url, log_path and log_level settings:

  • idp_url - URL of the IdP
  • api_url - URL of the Core
  • log_path - path to the folder with log files
  • log_level - logging level, can be INFO, WARN, ERROR, FATAL

Set idp_url https://pam.indeed-id.local/pam/idp
Set api_url https://pam.indeed-id.local/pam/core
Set log_path /var/log
Set log_level INFO

On some Linux systems, the SSH server does not accept the LC_* environment variables by default. For the application to work correctly, add the line AcceptEnv LC_PAM_USER LC_PAM_SESSION_ID (or LC_*) to the /etc/ssh/sshd_config file.

To allow the execution of the pamsu command, you must enable the Allow run pamsu option in the SSH section in the policy.
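
The following pre-flight check for the settings above is an added example, not part of the original page or the vendor's tooling. The function names, the https requirement and the handling of duplicate keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Default paths are the ones named above;
# pass another path as $1 to check a copy of the file.
# Usage on a Resource: check_pamsu_conf && check_sshd_acceptenv

# Verify the four "Set <key> <value>" lines in pamsu.conf.
# Assumption: both URLs must be https, as in the sample values above.
check_pamsu_conf() {
    conf=${1:-/etc/pamsu.conf}
    rc=0
    for key in idp_url api_url log_path log_level; do
        # Assumption: if a key is repeated, the last occurrence is checked.
        val=$(awk -v k="$key" '$1 == "Set" && $2 == k { v = $3 } END { print v }' "$conf")
        case "$key:$val" in
            "$key:")
                echo "missing: $key" >&2; rc=1 ;;
            idp_url:https://*|api_url:https://*) ;;
            idp_url:*|api_url:*)
                echo "not https: $key=$val" >&2; rc=1 ;;
            log_level:INFO|log_level:WARN|log_level:ERROR|log_level:FATAL) ;;
            log_level:*)
                echo "bad log_level: $val" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Verify that sshd accepts LC_PAM_USER and LC_PAM_SESSION_ID, either by
# name or through a wildcard pattern such as LC_*.
check_sshd_acceptenv() {
    sshd=${1:-/etc/ssh/sshd_config}
    rc=0
    # Patterns from active AcceptEnv lines (the keyword is case-insensitive;
    # commented-out lines do not match because $1 starts with "#").
    pats=$(awk 'tolower($1) == "acceptenv" { for (i = 2; i <= NF; i++) print $i }' "$sshd")
    set -f    # stop LC_* from expanding against files in the current directory
    for name in LC_PAM_USER LC_PAM_SESSION_ID; do
        ok=no
        for p in $pats; do
            case "$name" in $p) ok=yes ;; esac
        done
        [ "$ok" = yes ] || { echo "sshd does not accept $name" >&2; rc=1; }
    done
    set +f
    return $rc
}
```

On a live host, the output of sshd -T (the effective configuration, including included files) can be saved to a file and passed to check_sshd_acceptenv. Listing the two variable names is narrower than LC_*, since every accepted variable is set by the connecting client.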

