On (17/04/20 12:01), Hugo Deprez wrote:
Hi Lukas,
thank you,
Sadly I'm not sure I'll be able to backport sssd 1.16 to debian 9 it is not part
of official backports.
Looking at the logs, when there is no pubkey authentification happen for more than 10s
there is no file release.
Is there a way to identify broken client ?
You can increase debug_level in '[pam]' section of sssd.conf
And you should be able to see something there.
Here is a message from sssd master
(Fri Apr 24 10:51:45 2020) [sssd[pam]] [get_client_cred] (0x4000): Client
[0x5629dd1be520][19] creds: euid[0] egid[0] pid[17233] cmd_line['su'].
BTW I would still recomment to test lastest sssd 1.16.
Maybe on debian 10 if you do not want to backport yourself.
LS