On Thu, Mar 12, 2020 at 03:13:57PM -0000, Hristina Marosevic wrote:
> On Fri, Mar 06, 2020 at 12:44:35PM -0000, Hristina Marosevic
wrote:
>
> Hi,
>
> no [pam] is not needed for your use case, access via ssh.
>
>
> This command looks for certificates from a Smartcard connected to the
> local system. However p11_child is used to validate the certificates for
> the ssh key generation as well. You should add debug_level = 9 to the
> [ssh] section of sssd.conf and then check sssd_ssh.log and p11_child.log
> after calling sss_ssh_authorized_keys.
>
> HTH
>
> bye,
> Sumit
I can not find a file named p11_child.log (i searched everything from the root
directory)
The only thing related to p11_child is executable /usr/libexec/sssd/p11_child - should I
use it to generate log?
Can you please help me with this?
Hi,
the file should be in the SSSD log directory, so typically
/var/log/sssd/p11_child.log.
Since it does not exists, p11_child was not called to validate the
certificates. In this case sssd_ssh.log is the only source of
information. Feel free to send the file or the part of the log file
which covers the time where sss_ssh_authorized_keys was called.
bye,
Sumit
BR,
Hristina
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...