On the Resource, you need to configure the trust to the Core and Idp web server certificate. You can check if the certificate is OK by running the command:
$ curl https://pam.indeed-id.local |
Open the /etc/pamsu.conf file in any editor with root priveleges, specify the idp_url, api_url, log_path and log_level settings:
Set idp_url https://pam.indeed-id.local/pam/idp Set api_url https://pam.indeed-id.local/pam/core Set log_path /var/log Set log_level INFO |
On some Linux systems, the ssh server does not allow the LC_ * environment variables by default. For the application to work correctly, add the line AcceptEnv LC_PAM_USER LC_PAM_SESSION_ID (or LC_*) in the /etc/ssh/sshd_config file.
To allow the execution of the pamsu command, you must enable the Allow run pamsu option in the SSH section in the policy. |