On Thu, Mar 12, 2020 at 03:13:57PM -0000, Hristina Marosevic wrote:
> On Fri, Mar 06, 2020 at 12:44:35PM -0000, Hristina Marosevic
> no [pam] is not needed for your use case, access via ssh.
> This command looks for certificates from a Smartcard connected to the
> local system. However p11_child is used to validate the certificates for
> the ssh key generation as well. You should add debug_level = 9 to the
> [ssh] section of sssd.conf and then check sssd_ssh.log and p11_child.log
> after calling sss_ssh_authorized_keys.
I can not find a file named p11_child.log (i searched everything from the root
The only thing related to p11_child is executable /usr/libexec/sssd/p11_child - should I
use it to generate log?
Can you please help me with this?
the file should be in the SSSD log directory, so typically
Since it does not exists, p11_child was not called to validate the
certificates. In this case sssd_ssh.log is the only source of
information. Feel free to send the file or the part of the log file
which covers the time where sss_ssh_authorized_keys was called.
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines