I successfully set an active trust between my Linux IPA domain and AD.
I added a few AD accounts to ID views, and I can successfully log in to my
Linux machines with a plain password.
Now, I added my ssh pub key to these servers and I see two kinds of
* I can log in with the SSH pubkey on a newly created account (with ID view)
* But on a previously created account, if I first log in with a password
and switch to pubkey authentication, I can't log in without a password.
* Conversely, if I remove the key from a user that successfully
authenticated, he can still continue to log in without a password.
I suppose there must be a cache system. I tried several options in
sssd.conf, such as offline_credentials_expiration,
account_cache_expiration, entry_cache_timeout, but nothing changes.
Thank you for your help.
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project