On Thu, Mar 12, 2020 at 4:52 PM Sumit Bose <sbose@redhat.com> wrote:

the file should be in the SSSD log directory, so typically

Since it does not exists, p11_child was not called to validate the
certificates. In this case sssd_ssh.log is the only source of
information. Feel free to send the file or the part of the log file
which covers the time where sss_ssh_authorized_keys was called.


Just for the record, there was a bug that caused not creating p11_child log file and the records
were actually stored in parent process log.

Fixed in commit 30d0ccd49

Tomas Halman