On Fri, Feb 14, 2020 at 07:36:14PM -0000, Leon Castellano via FreeIPA-users wrote: > Hi, > > Linking works for listing tokens: > > [root@ipaclient 0]# env|grep RUNTIME > [root@ipaclient 0]# pwd > /run/user/0 > [root@ipaclient 0]# ls -l > total 0 > lrwxrwxrwx. 1 root root 22 Feb 14 14:28 p11-kit -> /run/user/<UID>/p11-kit > [root@ipaclient 0]# p11tool --provider=/usr/lib64/pkcs11/p11-kit-client.so > --list-tokens > Token 0: > URL: > pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=<REDACTED>;token=PIV_II > Label: PIV_II > Type: Hardware token > Flags: RNG, Requires login > Manufacturer: piv_II > Model: PKCS#15 emulated > Serial: <REDACTED> > Module: > > Unfortunately, sudo still prompts for PW: > > [user@ipaclient][~]$ p11tool --list-tokens > Token 0: > URL: > pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust > Label: System Trust > Type: Trust module > Flags: uPIN uninitialized > Manufacturer: PKCS#11 Kit > Model: p11-kit-trust > Serial: 1 > Module: p11-kit-trust.so > > > Token 1: > URL: > pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=Default%20Trust > Label: Default Trust > Type: Trust module > Flags: uPIN uninitialized > Manufacturer: PKCS#11 Kit > Model: p11-kit-trust > Serial: 1 > Module: p11-kit-trust.so > > > Token 2: > URL: > pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=<REDACTED>;token=PIV_II > Label: PIV_II > Type: Hardware token > Flags: RNG, Requires login > Manufacturer: piv_II > Model: PKCS#15 emulated > Serial: <REDACTED> > Module: /usr/lib64/pkcs11/p11-kit-client.so > > [14:32:09][user@ipaclient][~]$ sudo -i > [sudo] password for user:
Hi, can you set 'debug_level = 9' in the [pam] section of sssd.conf, restart SSSD, try sudo again and send me sssd.conf and the logs files from /var/log/sssd/? bye, Sumit > > Thanks for your time, > > -Leon > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org