On Wed, Nov 07, 2018 at 09:53:03PM +, Nathan Harper via FreeIPA-users wrote:
> Hi all,
>
> We have noticed some behaviour that we are trying to work out if it is
> expected or not (or if this is an SSSD thing). We have a pair of FreeIPA
> replicas running on CentOS 7 (v4.5.x), with various
Morning,
We've had this issue and we found out that it is caused by the fact
that sshd when using key-based auth bypasses PAM authentication which
means that the kerberos server is never contacted.
So, don't use passwordless ssh.
Others might have more info on this, but the above solution(!) is