On Thu, Sep 28, 2017 at 11:29:27AM -0400, Steve Weeks via FreeIPA-users wrote:
> We have smartcards (PIV) working just fine on Fedora 25 with FreeIPA client
> version 4.4.4 (SSSD 1.14.2). However on Ubuntu 16.04, FreeIPA client
> 4.3.1, SSSD 1.13.4 the smartcard seems to be ignored.
> The smartcard is readable using pkcs11-tools and pkcs15-tools on both
> On both systems sssd.conf contains:
> pam_cert_auth = True
> I've turned the sssd logging up to 9 on both systems and it looks like
> p11_child is never called on the Ubuntu system. On the Ubuntu system
> p11_child.log is empty and there is no sign of it being started in the
> Any suggestions on what I should look at next?
How does your PAM configuration looks like? You have to make sure that
pam_sss.so is the first module called for SSSD users. If pam_unix comes
first it will ask for a Password and pass it on to pam_sss.so which will
try password authentication in this case.
> FreeIPA-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org