On Mon, Feb 22, 2016 at 10:03:37AM -0600, Michael Rainey (Contractor) wrote: > Greetings, > > I have a question about using smart card authentication on Fedora 23. We > have worked out a procedure for setting up smart card login on our SL7.2 > systems and it seems to be working very well. However, when trying to use > the same process on a Fedora 23 system the process starts to fall apart. On > SL7.2, smart card login on GDM needs to disabled so SSSD can do its job of > authenticating. Does the same option need to be disabled for SSSD perform > the smart card login on Fedora 23? Are there any other details that may > vary from the RHEL7.2 release?
yes, smart card login on GDM needs to disabled as well. Additionally please check if you PAM configuration in /etc/pam.d/password-auth and /etc/pam.d/system-auth contain ... auth [default=1 success=ok] pam_localuser.so auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so forward_pass ... If not, running 'authconfig --updateall' might help. HTH bye, Sumit > -- > *Michael Rainey* > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project