On Tue, Sep 20, 2016 at 03:37:27PM -0000, niger niger wrote:
I seting up fedora (24), using wiki.
https://fedorahosted.org/sssd/wiki/DesignDocs/SmartcardAuthenticationTest...
Every thing going ok, and i can use login and password. But if i'll try to use smart
card, nothing hapent in gdm logon screen.
So far I basically tested gdm on CentOS/RHEL which iirc have some
different defaults then Fedora with respect to gdm and Smartcards.
To make sure Smartcard authentication works in general I would like to
ask you to check if the login on the text console will ask you for the
Smartcard PIN or if 'su - aduser(a)ad.domain' will ask for the PIN (please
do not run the su command as root because this will skip all
authentication).
If there is no PIN prompt please add debug_level=10 to the [pam] section
in sssd.conf, restart SSSD, re-run the su or text console test and send
me the sssd_pam.log and p11_child.log files. Please see
https://fedorahosted.org/sssd/wiki/Troubleshooting for details.
HTH
bye,
Sumit
>
> pkcs11-tool --module my_pkcs11_module.so --slot 0 --list-objects -l
> ask my pin, and after show my certs and keys
>
> /usr/libexec/sssd/p11_child --pre -d 10 --debug-fd=2 --nssdb=/etc/pki/nssdb
> return public key of my cert.
>
> /etc/pam.d/smartcard-auth-ac
> auth sufficient pam_sss allow_missing_name
>
> in log, cant see any intresting about inserting my token.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org