Hi all,
I'm trying to get SmartCard authentication working. Using an "Aventra
MyEID PKI card" it all looks promising: the card is recognized, and a
private key and FreeIPA signed cert are added to the card.
However, I cannot get sssd authentication to work.
After "systemctl (re)start sssd.service" and a "sudo -l" it will take
quite a long time before the password prompt will show up, NOT the
smartcard PIN prompt.
Afterwards, searching the sss cache:
ldbsearch -H /var/lib/sss/db/cache_blabla.bla.ldb [email protected]
| grep -i auth
lastOnlineAuth: 1731586997
~
Strangely, stopping sssd (systemctl stop sssd) and running sssd, as user
root, in the foreground (sssd -i -d3) it will work and sudo -l will ask
for the Smart Card PIN.
Afterwards, searching the sss cache:
ldbsearch -H /var/lib/sss/db/cache_blabla.bla.ldb [email protected]
| grep -i auth
localSmartcardAuth: TRUE
localPasskeyAuth: FALSE
~
Hence, it seems the smartcard and sssd are working, but only with sssd
running in the foreground! Rebooting the server, logging in to the console,
stopping sssd and running "sssd -i -d3", it all works perfectly: GDM
login, sudo...
What could be causing this problem?
FYI:
- Tested on RHEL 9.4 and Alma 9.4
- Thinkpad P14S with Alcor Micro Corp. AU9540 Smartcard Reader
- MyEID 4.5 PKI card
- SELinux Enforcing/Permissive: no difference
Kind regards,
Winfried