SSH Key replication time/issues
by Jake
Hey again,
I'm trying to track down how to ensure ssh keys are added AND removed quickly.
Right now it seems I must restart ipa services or sss_cache -E to force them to update, and there doesn't seem to be a determinate amount of time to allow replication.
Note, SSH keys are stored in the "Default View" for external users (external one-way trust with AD).
Thanks,
-Jake
6 years, 4 months
Get rid of manually calling kinit with SSSD
by Ronald Wimmer
Hi,
I read Jakub Hrozek's post
https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-call...
and found that it is exactly what I need. The only problem is that I am
using Ubuntu and not Fedora or CentOS.
In sssd_pamlog I only see a SSS_PAM_OPEN_SESSION but no
SSS_PAM_AUTHENTICATE - so most likely the pam config is still wrong. Is
anybody here who got this working under Ubuntu?
This is how my /etc/pam.d/common-auth looks:
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ecryptfs.so unwrap
auth optional pam_cap.so
And this is my nsswitch.conf
passwd: compat
group: compat
shadow: compat
hosts: files wins mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
sudoers: files sss
Any ideas on this matter would be highly appreciated!
Regards,
Ronald
6 years, 4 months