On Thu, Nov 29, 2018 at 02:03:09PM -0700, Orion Poplawski wrote:
On 11/28/18 11:29 PM, Sumit Bose wrote:
> On Wed, Nov 28, 2018 at 04:57:17PM -0700, Orion Poplawski wrote:
>> I configured a YubiKey on Windows using the YubiKey minidriver with the
>> following certificates:
>>
>> - my "orion" certificate - went into slot 9a PIV Auth
>> - A MacOS keychain cert per their docs - when into slot 9d Key Management
>> - Another auth certificate for "orion-admin" - went into slot 82
>>
>> I'm able to authenticate on Windows as either orion or orion-admin, but on
>> Linux with sssd it does not see the orion-admin certificate. What needs to
>> happen to support this?
>
> Which version of SSSD are you using?
On F29:
sssd-2.0.0-4.fc29.x86_64
I get somewhat different behavior. First the gdm login screen presents two
certificates:
- Certificate for Key Management
- Certificate for PIV Authentication
but still does not list the admin cert. Also, I don't believe it should list
the Key Management cert because it is not flagged for smart card authentication.
Do you mean the labels 'Certificate for PIV Authentication' and
'Certificate for Key Management' by 'flagged'?
SSSD only looks at the content of the certificate and by default uses
everything with key usage digitalSignature and extended key usage
clientAuth. With F29 you can modify this by adding mapping and matching
rules to sssd.conf, see the 'CERTIFICATE MAPPING SECTION' in man
sssd.conf for details.
> Can you sent the output of
>
> p11tool --list-all --provider opensc-pkcs11.so
The slots for the retired keys are not visible. I've found
https://github.com/OpenSC/OpenSC/issues/847#issuecomment-238119888 with
a command which made the slots visible for PKCS#11 on my Yubikey.
Nevertheless the type is still data even after importing a certificate
with 'yubico-piv-tool -a import-certificate'. Maybe this is different
when using the Windows driver?
Since you already reached out to Yubico you might want to ask as well
what needs to be done to make the certificates and private keys stored
in the retired slots properly available as certificate and private key
on the PKCS#11 level.
bye,
Sumit
>
> # p11tool --list-all --provider opensc-pkcs11.so
> Object 0:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%01;object=PIV%20AUTH%20pubkey;type=public
> Type: Public key (RSA-2048)
> Label: PIV AUTH pubkey
> Flags: CKA_WRAP/UNWRAP;
> ID: 01
>
> Object 1:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%01;object=Certificate%20for%20PIV%20Authentication;type=cert
> Type: X.509 Certificate (RSA-2048)
> Expires: Sat Nov 21 11:02:08 2020
> Label: Certificate for PIV Authentication
> ID: 01
>
> Object 2:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%03;object=KEY%20MAN%20pubkey;type=public
> Type: Public key (RSA-2048)
> Label: KEY MAN pubkey
> Flags: CKA_WRAP/UNWRAP;
> ID: 03
>
> Object 3:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%03;object=Certificate%20for%20Key%20Management;type=cert
> Type: X.509 Certificate (RSA-2048)
> Expires: Sat Nov 21 11:02:39 2020
> Label: Certificate for Key Management
> ID: 03
>
> Object 4:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=Card%20Capability%20Container;type=data
> Type: Data
> Label: Card Capability Container
> ID:
>
> Object 5:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=Card%20Holder%20Unique%20Identifier;type=data
> Type: Data
> Label: Card Holder Unique Identifier
> ID:
>
> Object 6:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=Unsigned%20Card%20Holder%20Unique%20Identifier;type=data
> Type: Data
> Label: Unsigned Card Holder Unique Identifier
> ID:
>
> Object 7:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=X.509%20Certificate%20for%20PIV%20Authentication;type=data
> Type: Data
> Label: X.509 Certificate for PIV Authentication
> ID:
>
> Object 8:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=X.509%20Certificate%20for%20Digital%20Signature;type=data
> Type: Data
> Label: X.509 Certificate for Digital Signature
> ID:
>
> Object 9:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=X.509%20Certificate%20for%20Key%20Management;type=data
> Type: Data
> Label: X.509 Certificate for Key Management
> ID:
>
> Object 10:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=X.509%20Certificate%20for%20Card%20Authentication;type=data
> Type: Data
> Label: X.509 Certificate for Card Authentication
> ID:
>
> Object 11:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=Security%20Object;type=data
> Type: Data
> Label: Security Object
> ID:
>
> Object 12:
> URL:
>
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;object=Discovery%20Object;type=data
> Type: Data
> Label: Discovery Object
> ID:
>
>
> >
> > and
> >
> > /usr/libexec/sssd/p11_child -d 10 --debug-fd=1 --nssdb=/etc/pki/nssdb --pre
> >
> > (in case you use a very recent OpenSSL build of SSSD please use
> > '--nssdb=/etc/sssd/pki/sssd_auth_ca_db.pem' or the place where your CA
> > certifcates are stored).
> >
>
> # /usr/libexec/sssd/p11_child -d 10 --debug-fd=1 --nssdb=/etc/pki/nssdb --pre
> (Thu Nov 29 14:01:57:597372 2018) [[sssd[p11_child[3338]]]] [main] (0x0400):
> p11_child started.
> (Thu Nov 29 14:01:57:597666 2018) [[sssd[p11_child[3338]]]] [main] (0x2000):
> Running in [pre-auth] mode.
> (Thu Nov 29 14:01:57:597858 2018) [[sssd[p11_child[3338]]]] [main] (0x2000):
> Running with effective IDs: [0][0].
> (Thu Nov 29 14:01:57:598246 2018) [[sssd[p11_child[3338]]]] [main] (0x2000):
> Running with real IDs [0][0].
> (Thu Nov 29 14:01:57:601833 2018) [[sssd[p11_child[3338]]]]
> [init_verification] (0x0040): X509_LOOKUP_load_file failed
> [185090184][error:0B084088:x509 certificate
> routines:X509_load_cert_crl_file:no certificate or crl found].
> (Thu Nov 29 14:01:57:602056 2018) [[sssd[p11_child[3338]]]] [do_work]
> (0x0040): init_verification failed.
> (Thu Nov 29 14:01:57:602358 2018) [[sssd[p11_child[3338]]]] [main] (0x0040):
> do_work failed.
> (Thu Nov 29 14:01:57:602651 2018) [[sssd[p11_child[3338]]]] [main] (0x0020):
> p11_child failed!
> root(a)vmf29.cora.nwra.com [~]# /usr/libexec/sssd/p11_child -d 10 --debug-fd=1
> --nssdb=/etc/sssd/pki/sssd_auth_ca_db.pem --pre
> (Thu Nov 29 14:02:14:096983 2018) [[sssd[p11_child[3376]]]] [main] (0x0400):
> p11_child started.
> (Thu Nov 29 14:02:14:097325 2018) [[sssd[p11_child[3376]]]] [main] (0x2000):
> Running in [pre-auth] mode.
> (Thu Nov 29 14:02:14:097558 2018) [[sssd[p11_child[3376]]]] [main] (0x2000):
> Running with effective IDs: [0][0].
> (Thu Nov 29 14:02:14:097815 2018) [[sssd[p11_child[3376]]]] [main] (0x2000):
> Running with real IDs [0][0].
> (Thu Nov 29 14:02:14:520623 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Module List:
> (Thu Nov 29 14:02:14:520694 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): common name: [p11-kit-trust].
> (Thu Nov 29 14:02:14:520704 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): dll name: [/usr/lib64/pkcs11/p11-kit-trust.so].
> (Thu Nov 29 14:02:14:520735 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Description [/etc/pki/ca-trust/source
> PKCS#11 Kit ] Manufacturer [PKCS#11 Kit
> ] flags [1] removable [false] token present [true].
> (Thu Nov 29 14:02:14:520753 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Description [/usr/share/pki/ca-trust-source
> PKCS#11 Kit ] Manufacturer [PKCS#11 Kit
> ] flags [1] removable [false] token present [true].
> (Thu Nov 29 14:02:14:520764 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): common name: [opensc].
> (Thu Nov 29 14:02:14:520771 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): dll name: [/usr/lib64/pkcs11/opensc-pkcs11.so].
> (Thu Nov 29 14:02:14:521689 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Description [Yubico Yubikey 4 OTP+U2F+CCID 00 00
> Yubico ] Manufacturer [Yubico
> ] flags [7] removable [true] token present [true].
> (Thu Nov 29 14:02:14:538790 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Found [Orion Poplawski] in slot [Yubico Yubikey 4 OTP+U2F+CCID 00
> 00][0] of module [1][/usr/lib64/pkcs11/opensc-pkcs11.so].
> (Thu Nov 29 14:02:14:538824 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Login NOT required.
> (Thu Nov 29 14:02:14:539066 2018) [[sssd[p11_child[3376]]]] [read_certs]
> (0x4000): found cert[Certificate for PIV
> Authentication][/DC=com/DC=nwra/DC=ad/OU=NWRA/CN=Orion Poplawski]
> (Thu Nov 29 14:02:14:539770 2018) [[sssd[p11_child[3376]]]] [do_ocsp]
> (0x0020): No OCSP URL in certificate and no default responder defined,
> skipping OCSP check.
> (Thu Nov 29 14:02:14:539891 2018) [[sssd[p11_child[3376]]]] [read_certs]
> (0x4000): found cert[Certificate for Key
> Management][/DC=com/DC=nwra/DC=ad/OU=NWRA/CN=Orion Poplawski]
> (Thu Nov 29 14:02:14:540279 2018) [[sssd[p11_child[3376]]]] [do_ocsp]
> (0x0020): No OCSP URL in certificate and no default responder defined,
> skipping OCSP check.
> (Thu Nov 29 14:02:14:540299 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): (null) /usr/lib64/pkcs11/opensc-pkcs11.so (null) Orion Poplawski
> (null) 03.
> (Thu Nov 29 14:02:14:540308 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): (null) /usr/lib64/pkcs11/opensc-pkcs11.so (null) Orion Poplawski
> (null) 01.
> (Thu Nov 29 14:02:14:540377 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): uri:
>
pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.19;slot-description=Yubico%20Yubikey%204%20OTP%2bU2F%2bCCID%2000%2000;slot-manufacturer=Yubico;slot-id=0;model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%01;object=Certificate%20for%20PIV%20Authentication;type=cert.
> (Thu Nov 29 14:02:14:540417 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): uri:
>
pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.19;slot-description=Yubico%20Yubikey%204%20OTP%2bU2F%2bCCID%2000%2000;slot-manufacturer=Yubico;slot-id=0;model=PKCS%2315%20emulated;manufacturer=piv_II;serial=d75c91b27c25efbd;token=Orion%20Poplawski;id=%03;object=Certificate%20for%20Key%20Management;type=cert.
> (Thu Nov 29 14:02:14:540430 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Found certificate has key id [01].
> (Thu Nov 29 14:02:14:540457 2018) [[sssd[p11_child[3376]]]] [do_card]
> (0x4000): Found certificate has key id [03].
> Orion Poplawski
> /usr/lib64/pkcs11/opensc-pkcs11.so
> 01
> Certificate for PIV Authentication
>
MIIH5TCCBc2gAwIBAgITdgAAAczbsI5xA5LqwgAAAAABzDANBgkqhkiG9w0BAQ0FADBcMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQBGRYEbndyYTESMBAGCgmSJomT8ixkARkWAmFkMRswGQYDVQQDExJhZC1BRC1TRUFUVExFMDEtQ0EwHhcNMTgxMTIxMTc1MjA4WhcNMjAxMTIxMTgwMjA4WjBoMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQBGRYEbndyYTESMBAGCgmSJomT8ixkARkWAmFkMQ0wCwYDVQQLEwROV1JBMRgwFgYDVQQDEw9PcmlvbiBQb3BsYXdza2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0rbm0RJlpt16T8hM4TJauyh+1pQZI6tzlMPMAvljpo52KNXof9zf5z21kn+fmWmESkuHi32Ddzx5u+QoOu7YngDa+Ek/vfMpoLCpc2ioyJTXyOSArj3PLllNzSRewm5LJYxhKYqz7PegfTR9m0+NpNYh6vOIm9rzLFmG5+MZJdkv8zwZoIYbcON+ZAZDczGxinTSU5qK/G8c20CdDJbNyu+YWnd2B0owhgXlq7faddG/aXEpIT3FDJtTcX0EjHLyh1Zr2IIZiMvRlRLdTl2Kq4ujNYJcYSiQGkAfXo5KEyC2iZh5k2m+7qyE7v82m+MXUdVtcFtuw4fTj1edSnOBvAgMBAAGjggOSMIIDjjA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiD5Jojg6WiQ4GNnRCBnuAagaqGBoEywalyhtXJewIBZAIBBTAfBgNVHSUEGDAWBgorBgEEAYI3FAICBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwKQYJKwYBBAGCNxUKBBwwGjAMBgorBgEEAYI3FAICMAoGCCsGAQUFBwMCMIGUBgkqhkiG9w0BCQ8EgYYwgYMwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEARYwCwYJYIZIAWUDBAEZMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwCgYIKoZIhvcNAwcwBwYFKw4DAgcwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgICADAdBgNVHQ4EFgQUrBhZaZYc5ALsWmG+76SqDPYr4cIwHwYDVR0jBBgwFoAUfNJMaZA8k520zkPFvv5Hfl4MDTkwggEgBgNVHR8EggEXMIIBEzCCAQ+gggELoIIBB4ZBaHR0cDovL0FELVNFQVRUTEUwMS5hZC5ud3JhLmNvbS9DZXJ0RW5yb2xsL2FkLUFELVNFQVRUTEUwMS1DQS5jcmyGgcFsZGFwOi8vL0NOPWFkLUFELVNFQVRUTEUwMS1DQSxDTj1BRC1TRUFUVExFMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YWQsREM9bndyYSxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHHBggrBgEFBQcBAQSBujCBtzCBtAYIKwYBBQUHMAKGgadsZGFwOi8vL0NOPWFkLUFELVNFQVRUTEUwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZCxEQz1ud3JhLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTAsBgNVHREEJTAjoCEGCisGAQQBgjcUAgOgEwwRb3Jpb25AYWQubndyYS5jb20wDQYJKoZIhvcNAQENBQADggIBAJLuzfAPsiBf9VLIbevGMYRDoG0IgArZVSpd9LtW8gGjvta6zPfq9WrGGzPu8fclNE8PHVeV8YnkJpLFyu4Z8PjUwZZrN4Jt//yTxuMMa2srE5VEtnqulb/Hmyh5PKBTeN2HdDnX5o85btZruAvazfv3N8gmlQWOrkPWWW83uQKoritnpA+20hkQc6P6ojt51ViYZQKMpp+nCbjBKZ8ybWL0zwIM9Hd0iHFp2ZhuuQz5UpzuVGPgI4zu8CyVo3gfP2N1e8dBHz/OGtNDU3sXHEMjSay1EP2A+eKYelRQq0Dh2fs78AUEaOMaimgX24d7gH6WiuPjgfUxLy4DP7qq/aFpjEeDJo0IplfY4RxGSUe63GivmGGOGXklcq6ZU8aycY2C8QJtLmfAD7SKhzxmwScb9MKM0U4naP25VzOheE6V6e2RN4pGA5h9PJyI5+/Pbf82FuLsq4mVOjmLcD7gzSdjkMbysoqz/gLbhytDJ4Eh8FTg3YncqXWb4r8gcRKBZXuoLCrGDliYaHsJFsbAsX7vJ0Tp1DnvX7wWGXWGDxHtPRetmtq+cauKeHIXmSI3R7zueMDL2Gt3089NBJh/Hp2qAWwShR3TuO2tffConFJS9LLX5SBlNA2Lkybxsh/FAbPjFbzC5oCeGO0g5zuaago7WEm4CuiLQtvfimO9GNKe
> Orion Poplawski
> /usr/lib64/pkcs11/opensc-pkcs11.so
> 03
> Certificate for Key Management
>
MIIH0DCCBbigAwIBAgITdgAAAc1+AMfS7zlhnwAAAAABzTANBgkqhkiG9w0BAQ0FADBcMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQBGRYEbndyYTESMBAGCgmSJomT8ixkARkWAmFkMRswGQYDVQQDExJhZC1BRC1TRUFUVExFMDEtQ0EwHhcNMTgxMTIxMTc1MjM5WhcNMjAxMTIxMTgwMjM5WjBoMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQBGRYEbndyYTESMBAGCgmSJomT8ixkARkWAmFkMQ0wCwYDVQQLEwROV1JBMRgwFgYDVQQDEw9PcmlvbiBQb3BsYXdza2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT4bc6zf6EVUgyCqKYnMatK6qtiL+yjGnhHRl0nCoeN/TWmY47f23Nb/CjGW5W9T+i2jVM4HE2pijoEFcLQQnLkWQLSNeYQ+HKMY8kdmcT+aYDk5N5scDRKg5mIN1HaMqQqRYgXfgdlMh46u6kzVVHM+iuGnrHOTIV6b84PNHU3xLHidhqPZF6IRcuSmfLYGiKrQj2RuR0gD+19c1Gi2iupsMSCBAwJAukoY/gMK01n+srjIidgNT8lufajIA52b4w7GsYfQrByY9ChBH/tORRMaR6PDA7P6YIv0r6BlIvgTIeA4VOEXVFXtr8waY/WI3Lvn9oVeSBmu6Z6Owajl+3AgMBAAGjggN9MIIDeTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiD5Jojg6WiQ4GNnRCBnuAagaqGBoEyh6mmD4GZshECAWQCAQcwFQYDVR0lBA4wDAYKKwYBBAGCNwoDBDAOBgNVHQ8BAf8EBAMCBSAwHQYJKwYBBAGCNxUKBBAwDjAMBgorBgEEAYI3CgMEMIGUBgkqhkiG9w0BCQ8EgYYwgYMwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEARYwCwYJYIZIAWUDBAEZMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwCgYIKoZIhvcNAwcwBwYFKw4DAgcwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgICADAdBgNVHQ4EFgQULZA/coMUaYGWcNN2uD+kmQ5ctP0wHwYDVR0jBBgwFoAUfNJMaZA8k520zkPFvv5Hfl4MDTkwggEgBgNVHR8EggEXMIIBEzCCAQ+gggELoIIBB4ZBaHR0cDovL0FELVNFQVRUTEUwMS5hZC5ud3JhLmNvbS9DZXJ0RW5yb2xsL2FkLUFELVNFQVRUTEUwMS1DQS5jcmyGgcFsZGFwOi8vL0NOPWFkLUFELVNFQVRUTEUwMS1DQSxDTj1BRC1TRUFUVExFMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YWQsREM9bndyYSxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHHBggrBgEFBQcBAQSBujCBtzCBtAYIKwYBBQUHMAKGgadsZGFwOi8vL0NOPWFkLUFELVNFQVRUTEUwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZCxEQz1ud3JhLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTAsBgNVHREEJTAjoCEGCisGAQQBgjcUAgOgEwwRb3Jpb25AYWQubndyYS5jb20wDQYJKoZIhvcNAQENBQADggIBAHAScbtpgzQJajb8HlAIhH05SxU51vjigvIu5LH5VBvuIuMlWsIbvo5k3vf7bkNUaJgrpl/6qzsXm4Y4hwv7C6EJL5PjClfMtj7R7HHfQFFtbmhdfJs2yvik7rU6NzHKdCQ16ZeG/J3ZMUpnjqLO2xBN6UYb/0zf8YjrHcIDHx/yQplsulKA76tTCJ5mtG7yodPqhIC7pfcusqHaK+XOPNyO5nL7N0uSOILcS5Z0dsUS/ZLz4nce1Wle46Ni/ybzt7uaJJwTABlb4ZkHE5Co1wy6yFUPe3YDSNB8JWetMCwtKBD5u5m2gGynfQNGTUW1CDtoLFSBvG0EKqjkeZpPsotbJK/475HJFLrsL78H6x588fc80fMQyBHR0o4kYn/Qv/AdS72ZocF10tn84UuTwqNOAJi8aKHd3D/1ztunH5HTTdimsZq1cNsYi/ZL3bojhhJS0AaPCjmpbTr0M7m4ZLtn6pmigCRbZEsUoO8qwUDt5D/aGOxORA6H9j/TzV1ER9n6h7kRRwFPn5zZXaAqzfl3dkQZIkjvYyNYaxkI5fBw5JFNLFRJNZdY9vyqGTbzUWl8pKOReWoSLK89IN2B/Mh2gwworha4SZ5ldNobMElNAXTYyh5T9QDk4Vl6sKN2kKhruKmz5vy+lxScQR1kAoxe2x58KEGyv3DhrsSLqUna
>
> > bye,
> > Sumit
> >
> >>
> >> Thanks!
> >>
> >> --
> >> Orion Poplawski
> >> Manager of NWRA Technical Systems 720-772-5637
> >> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> >> 3380 Mitchell Lane orion(a)nwra.com
> >> Boulder, CO 80301
https://www.nwra.com/
> >> _______________________________________________
> >> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> >> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> >> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> >> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> >> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> > _______________________________________________
> > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> >
>
>
> --
> Orion Poplawski
> Manager of NWRA Technical Systems 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane orion(a)nwra.com
> Boulder, CO 80301
https://www.nwra.com/