trissylegs/log

## log
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] nssaccountbyname req
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] online expired, refresh cache
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_client::asynchronous] opid -> "186f9f81-31e4-40d2-ab79-88bd2ee9aaf7"
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] delete memberships -> 2
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] nssaccountbyuid req
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] nssaccountbyname req
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Disconnecting client ...

## system-auth
#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
auth       sufficient                  pam_kanidm.so        debug ignore_unknown_user
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

account    required                    pam_unix.so
account    optional                    pam_permit.so
account    sufficient                  pam_kanidm.so debug ignore_unknown_user
account    required                    pam_time.so

password   required                    pam_unix.so          try_first_pass nullok shadow sha512
password   sufficient                  pam_kanidm.so debug
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so
	Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] Accepted connection
	Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] nssaccountbyname req
	Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] get_usertoken
	Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] online expired, refresh cache
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_client::asynchronous] opid -> "186f9f81-31e4-40d2-ab79-88bd2ee9aaf7"
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] delete memberships -> 2
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Accepted connection
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] nssaccountbyuid req
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] get_usertoken
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
	Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Accepted connection
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] nssaccountbyname req
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] get_usertoken
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] flushed response!
	Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Disconnecting client ...
	#%PAM-1.0

	auth required pam_faillock.so preauth
	# Optionally use requisite above if you do not want to prompt for the password
	# on locked accounts.
	auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
	auth sufficient pam_kanidm.so debug ignore_unknown_user
	auth [default=die] pam_faillock.so authfail
	auth optional pam_permit.so
	auth required pam_env.so
	auth required pam_faillock.so authsucc
	# If you drop the above call to pam_faillock.so the lock will be done also
	# on non-consecutive authentication failures.

	account required pam_unix.so
	account optional pam_permit.so
	account sufficient pam_kanidm.so debug ignore_unknown_user
	account required pam_time.so

	password required pam_unix.so try_first_pass nullok shadow sha512
	password sufficient pam_kanidm.so debug
	password optional pam_permit.so

	session required pam_limits.so
	session required pam_unix.so
	session optional pam_permit.so