Hi Sumit,
Actually, I just got it working without forwarding card:
yum install -y pam_ssh_agent_auth
~/.ssh/config:
ForwardAgent yes
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
/etc/pam.d/sudo:
#%PAM-1.0
auth sufficient pam_ssh_agent_auth.so
Kevin Vasko via FreeIPA-users
writes:
> Hello,
>
> I’m trying to understand when/how the different KVNO versions in a
> file should or shouldn’t work. We have a Dell EMC Unity box that’s
> giving us fits on what it will accept for a keytab file with different
> KVNO versions. I’m not sure if
On Fri, Feb 14, 2020 at 07:36:14PM -, Leon Castellano via FreeIPA-users
wrote:
> Hi,
>
> Linking works for listing tokens:
>
> [root@ipaclient 0]# env|grep RUNTIME
> [root@ipaclient 0]# pwd
> /run/user/0
> [root@ipaclient 0]# ls -l
> total 0
> lrwxrwxrwx. 1 root root 22 Feb 14 14:28 p11-kit
Hi,
Linking works for listing tokens:
[root@ipaclient 0]# env|grep RUNTIME
[root@ipaclient 0]# pwd
/run/user/0
[root@ipaclient 0]# ls -l
total 0
lrwxrwxrwx. 1 root root 22 Feb 14 14:28 p11-kit -> /run/user//p11-kit
[root@ipaclient 0]# p11tool --provider=/usr/lib64/pkcs11/p11-kit-client.so
On Fri, Feb 14, 2020 at 06:27:40PM -, Leon Castellano via FreeIPA-users
wrote:
> Sumit,
>
> If I manually set the XDG_RUNTIME_DIR for root pointing to my user's one it
> works:
Hi,
what about linking /run/user/0/p11-kit to /run/user/p11-kit, does
this make p11tool work as well? And if
Sumit,
If I manually set the XDG_RUNTIME_DIR for root pointing to my user's one it
works:
[user@ipaclient][~]$ env|grep RUNTIME
XDG_RUNTIME_DIR=/run/user/
[user@ipaclient][~]$ su -
Password:
[root@ipaclient ~]# export XDG_RUNTIME_DIR=/run/user/
[root@ipaclient ~]# p11tool
Hi Sumit,
Ya, root doesn't see it.
Here's the result:
[user@ipaclient][~]$ p11tool --list-tokens
Token 0:
URL:
pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
Label: System Trust
Type: Trust module
Flags: uPIN uninitialized
On Fri, Feb 14, 2020 at 03:27:40PM -, Leon Castellano via FreeIPA-users
wrote:
> Hi Alexander,
>
> Here's what I'm seeing over Console:
>
> ipaclient login: user
> PIN for PIV_II:
> ipaclient$ p11tool --list-tokens
> Token 0:
> URL:
>
Hi Alexander,
Here's what I'm seeing over Console:
ipaclient login: user
PIN for PIV_II:
ipaclient$ p11tool --list-tokens
Token 0:
URL:
pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
Label: System Trust
Type: Trust module
Hello,
I’m trying to understand when/how the different KVNO versions in a file should
or shouldn’t work. We have a Dell EMC Unity box that’s giving us fits on what
it will accept for a keytab file with different KVNO versions. I’m not sure if
I’m misunderstanding something, or there’s a bug
Hi Rob,
I was able to start my CA via instructions from here:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html
I also tried to set the clock back and restart certmonger. Still no luck:
getcert list gives me the following:
Number of certificates and requests being
On Fri, 14 Feb 2020, lejeczek via FreeIPA-users wrote:
hi everyone,
I did something pretty vanilla:
$ ipa-adtrust-install --unattended --admin-password=xxx
Process showed first some warning about "unattended" but then this:
Configuring CIFS
[1/24]: validate server hostname
[2/24]:
hi everyone,
I did something pretty vanilla:
$ ipa-adtrust-install --unattended --admin-password=xxx
Process showed first some warning about "unattended" but then this:
Configuring CIFS
[1/24]: validate server hostname
[2/24]: stopping smbd
[3/24]: creating samba domain object
[4/24]:
On Fri, 14 Feb 2020, Florence Blanc-Renaud via FreeIPA-users wrote:
On 2/14/20 9:39 AM, lejeczek via FreeIPA-users wrote:
On 13/02/2020 14:46, Fraser Tweedale wrote:
On Thu, Feb 13, 2020 at 11:59:34AM +, lejeczek via FreeIPA-users
wrote:
hi everyone,
how, if possible at all, to have IPA
On 2/14/20 9:39 AM, lejeczek via FreeIPA-users wrote:
On 13/02/2020 14:46, Fraser Tweedale wrote:
On Thu, Feb 13, 2020 at 11:59:34AM +, lejeczek via FreeIPA-users
wrote:
hi everyone,
how, if possible at all, to have IPA sign a cert sign request which is
not part of IPA's domain/realm?
many
On 13/02/2020 14:46, Fraser Tweedale wrote:
> On Thu, Feb 13, 2020 at 11:59:34AM +, lejeczek via FreeIPA-users
> wrote:
>> hi everyone,
>>
>> how, if possible at all, to have IPA sign a cert sign request which is
>> not part of IPA's domain/realm?
>>
>> many thanks, L.
>>
> You sure can. Just add