[Freeipa-users] Re: Authentication indicators smartcard, ssh and sudo

Fri, 14 Feb 2020 11:37:48 -0800 

Hi,

Linking works for listing tokens:

[root@ipaclient 0]# env|grep RUNTIME
[root@ipaclient 0]# pwd
/run/user/0
[root@ipaclient 0]# ls -l
total 0
lrwxrwxrwx. 1 root root 22 Feb 14 14:28 p11-kit -> /run/user/<UID>/p11-kit
[root@ipaclient 0]# p11tool --provider=/usr/lib64/pkcs11/p11-kit-client.so 
--list-tokens
Token 0:
        URL: 
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=<REDACTED>;token=PIV_II
        Label: PIV_II
        Type: Hardware token
        Flags: RNG, Requires login
        Manufacturer: piv_II
        Model: PKCS#15 emulated
        Serial: <REDACTED>
        Module: 

Unfortunately, sudo still prompts for PW:

[user@ipaclient][~]$ p11tool --list-tokens
Token 0:
        URL: 
pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
        Label: System Trust
        Type: Trust module
        Flags: uPIN uninitialized
        Manufacturer: PKCS#11 Kit
        Model: p11-kit-trust
        Serial: 1
        Module: p11-kit-trust.so


Token 1:
        URL: 
pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=Default%20Trust
        Label: Default Trust
        Type: Trust module
        Flags: uPIN uninitialized
        Manufacturer: PKCS#11 Kit
        Model: p11-kit-trust
        Serial: 1
        Module: p11-kit-trust.so


Token 2:
        URL: 
pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=<REDACTED>;token=PIV_II
        Label: PIV_II
        Type: Hardware token
        Flags: RNG, Requires login
        Manufacturer: piv_II
        Model: PKCS#15 emulated
        Serial: <REDACTED>
        Module: /usr/lib64/pkcs11/p11-kit-client.so

[14:32:09][user@ipaclient][~]$ sudo -i
[sudo] password for user:

Thanks for your time,

-Leon
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to