FreeIPA-users June 2017

freeipa-users@lists.fedorahosted.org

102 participants
92 discussions

SSH Key replication time/issues
by Jake 01 Jun '17

01 Jun '17

Hey again, I'm trying to track down how to ensure ssh keys are added AND removed quickly. Right now it seems I must restart ipa services or sss_cache -E to force them to update, and there doesn't seem to be a determinate amount of time to allow replication. Note, SSH keys are stored in the "Default View" for external users (external one-way trust with AD). Thanks, -Jake

3 5

Get rid of manually calling kinit with SSSD
by Ronald Wimmer 01 Jun '17

01 Jun '17

Hi, I read Jakub Hrozeks post https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-callin… and found that it is exactly what I need. The only problem is that I am using Ubuntu and not Fedora or CentOS. In sssd_pamlog i only see a SSS_PAM_OPEN_SESSION but no SSS_PAM_AUTHENTICATE - so most likely the pam config is still wrong. Is anybody here who got this working under Ubuntu? This is how my /etc/pam.d/common-auth looks: auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_sss.so use_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so And this is my nsswitch.conf passwd: compat group: compat shadow: compat hosts: files wins mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis sudoers: files sss Any ideas on this matter would be highly appreciated! Regards, Ronald

3 5

2025

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-users June 2017