Noted, I'll hit 'reply-all' from now on.
Looking over those links you sent me, I've decided to:
- Ran 'ipa user-show $user' and verified the certificate returned
- Ran 'ipa certmap-match cert.pem' on an extracted certificate that is
also on the SmartCard, it returned my user.
- Ran 'kinit' and it reacted to my smartcard being present, asking for a
PIN along with my username being displayed, giving the default pin of
'123456' it returned an error I haven't been able to decipher yet:
'*kinit: KDC policy rejects request while getting initial credentials*'
I think this is the current blocking point in the authentication
process, any ideas what it fully means? My google-fu has failed me here.
On 1/25/23 12:39, Rob Crittenden wrote:
r0nam1 wrote:
So far it's a lot of 'I thinks'. I think I've configured OpenSC and
pcscd correctly, I think I've configured SSSD correctly, and I think
I've configured PAM correctly, if you can give me a list of relevant
logs or test commands (Even full directory's of logs) I'll do what I can.
Please keep responses on the list.
The log to see depends on the behavior.
Some additional readings (some are rather old but still relevant):
https://floblanc.wordpress.com/?s=smart
https://frasertweedale.github.io/blog-redhat/posts/2016-08-12-yubikey-sc-login.html
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
