[SSSD-users] Re: yubikey-based pkinit stopped working switching from sssd 1.15.2/Ubuntu 16.04 auf sssd 1.16.1/Ubuntu 18.04

On Fri, Dec 07, 2018 at 01:09:34PM -0000, tallinn1960(a)yahoo.de wrote: Can you share the full logs with debug_level=9? The behavior you described above is expected and you should see a similar SSS_PAM_PREAUTH step in 1.15.2 as well. The SSS_PAM_PREAUTH is done first, before the user is asked for a PIN or a password to check which authentication methods are available for the user on the KDC. Based on the result the user is prompted and then SSS_PAM_AUTHENTICATE is run. Are you prompted for a PIN or a password with 1.16.1? Is the Kerberos pkinit plugin installed on the system running 1.16.1? Can you check the system log if pcscd says that access is denied for the user trying to log in? bye, Sumit > > How shall we fix this? > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...