[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Jakub Hrozek via FreeIPA-users
On Thu, Nov 15, 2018 at 06:06:01PM +0100, Sumit Bose via FreeIPA-users wrote: > On Thu, Nov 15, 2018 at 04:17:20PM +0100, Natxo Asenjo via FreeIPA-users > wrote: > > hi, > > > > for posterity's sake, this appears to be a problem with kcm (whatever that > > is, don't know yet, will look it up late

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Sumit Bose via FreeIPA-users
On Thu, Nov 15, 2018 at 04:17:20PM +0100, Natxo Asenjo via FreeIPA-users wrote: > hi, > > for posterity's sake, this appears to be a problem with kcm (whatever that > is, don't know yet, will look it up later). > > I turned it off in /etc/krb5.conf.d/kcm_default_ccache (just comment the > two not

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Natxo Asenjo via FreeIPA-users
hi, for posterity's sake, this appears to be a problem with kcm (whatever that is, don't know yet, will look it up later). I turned it off in /etc/krb5.conf.d/kcm_default_ccache (just comment the two not comment lines) and after restart sssd or rebooting, with selinux enabled, it works. the tick

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Natxo Asenjo via FreeIPA-users
On Thu, Nov 15, 2018 at 1:43 PM Sumit Bose wrote: > > The pkinit plugin cannot find a valid certificate 'PKINIT client has no > configured identity; giving up'. > > One reason (and that's why I ask for the advise script) are missing CA > certificates. Do you have something like > > pkinit_ancho

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Sumit Bose via FreeIPA-users
On Thu, Nov 15, 2018 at 11:43:22AM +0100, Natxo Asenjo via FreeIPA-users wrote: > hi, > > I found this blog post: > > https://floblanc.wordpress.com/2017/06/02/troubleshooting-authentication-to-the-system-console-or-gnome-desktop-manager-of-an-idm-host-with-a-smartcard/ > > $ ipa certmap-match u

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Natxo Asenjo via FreeIPA-users
hi, I found this blog post: https://floblanc.wordpress.com/2017/06/02/troubleshooting-authentication-to-the-system-console-or-gnome-desktop-manager-of-an-idm-host-with-a-smartcard/ $ ipa certmap-match user.pem successfully matches my user in the realm. If I run $ kinit -X X509_user_identity='P

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Sumit Bose via FreeIPA-users
On Thu, Nov 15, 2018 at 01:23:37PM +0100, Natxo Asenjo wrote: > On Thu, Nov 15, 2018 at 11:49 AM Alexander Bokovoy > wrote: > > > > > >Am I doing something wrong or is this to be expected? > > Enable debug_level=9 in sssd configuration (domain section) and try to > > login with smartcard, then pr

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Natxo Asenjo via FreeIPA-users
On Thu, Nov 15, 2018 at 11:49 AM Alexander Bokovoy wrote: > > >Am I doing something wrong or is this to be expected? > Enable debug_level=9 in sssd configuration (domain section) and try to > login with smartcard, then provide krb5_child.log to see what's > happening. > ok, here comes (anonymiz

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Sumit Bose via FreeIPA-users
On Thu, Nov 15, 2018 at 12:49:26PM +0200, Alexander Bokovoy via FreeIPA-users wrote: > On Thu, 15 Nov 2018, Natxo Asenjo via FreeIPA-users wrote: > > hi, > > > > I can successfully login using a smartcard (fedora 29 client, centos 7 > > kdcs, latest patch level). > > > > However, when I try to

[Freeipa-users] Re: smartcard auth + kerberos ticket?

2018-11-15 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 15 Nov 2018, Natxo Asenjo via FreeIPA-users wrote: hi, I can successfully login using a smartcard (fedora 29 client, centos 7 kdcs, latest patch level). However, when I try to access a kerberized service, I need to kinit first, because I don't have a ticket: $ klist klist: Credential