On Wed, Jul 15, 2015 at 01:09:42PM -0700, Angelo Pantano wrote: > SSSD is able to evaluate group membership, but if for instance I create a > view for my user and I add a ssh public key I can only use it to login > passwordless in the IPA server, not on an IPA client. The password still > works, but I see nothing in the sssd logs that explains why the pubkey was > rejected on the IPA client. Could be that the client is not really aware > that there is a view override? I thought that the external mapping would > facilitate this..
The views usage is new to me in this thread. Please note there was a number of bugs in the views functionality in 7.1 that were not fixes in a 7.1.z stream so far. If you have a test setup, then it would be best to try and reproduce the bug with the latest 1.12 packages from a COPR repo we have. Would that be possible? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project