Config files sent directly to Jakub.
I have done this to test the case:
# /usr/bin/sss_ssh_authorizedkeys <user>
Error looking up public keys
# /usr/bin/sss_ssh_authorizedkeys <user>@<domain>
ssh-rsa AAAAB3N..................
[root@hlau03tst drextrha]# /usr/bin/sss_ssh_authorizedkeys -d <domain> <user>
ssh-rsa AAAAB3N.........
----- On Nov 24, 2016, at 9:35 AM, Jakub Hrozek jhrozek(a)redhat.com wrote:
On Thu, Nov 24, 2016 at 08:10:30AM +0100, Troels Hansen wrote:
> Hi there
>
> After default_domain_suffix finally began working corretly in SSSD 1.14 we have
> started using it, but have found a side affect og not logging in with full
> domain:
>
> We currently have some AD domain users having a override on out IPA servers,
> where they have added their SSH key.
>
> If AuthorizedKeysCommand is set to sss_ssh_authorizedkeys in SSH without a
> domain (-d) it will not try to look up the users SSH key
>
> I would suppose that sss_ssh_authorizedkeys should at least try to look up the
> user with the default_domain_suffix from sssd.conf?
>
> Even better would probably be to implement a fallback to try both the configured
> ipa_domain and default_domain_suffix?
This sounds like something that should just work with 1.14. Can you paste
your server and client config files and the sss_ssh_authorizedkeys
configuration (should be just the default, right?) that doesn't work for
you so we can try to reproduce the issue locally?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
--
Med venlig hilsen
Troels Hansen
Systemkonsulent
Casalogic A/S
T (+45) 70 20 10 63
M (+45) 22 43 71 57
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.