I successfully set an active trust between my linux IPA domain and AD.
I added a few AD accounts to id views, and I can successfully log in to my Linux machines with a plain password.

Now, I added my ssh pub key to these servers and I see two kinds of behaviour:

 * I can log in with the ssh pubkey on a newly created account (with id view)
 * But on a previously created account, if I first log in with a password
   and switch to pubkey authentication, I can't log in without a password.
 * Conversely, if I remove the key from a user who successfully
   authenticated, he can still continue to log in without a password.

I suppose there must be a cache system. I tried several options in sssd.conf, such as offline_credentials_expiration, account_cache_expiration and entry_cache_timeout, but nothing changes.

Thank you for your help.

Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5       
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
