It turns out that this was a permissions issue. Everything works now.
Thanks.
On Sat, Apr 30, 2016 at 11:26 PM, Prasun Gera wrote:
> Ah, this doesn't work on ubuntu (14.04). The command itself works, but
> sshd on ubuntu isn't probably compiled with support for this although I see
> "AuthorizedK
Ah, this doesn't work on ubuntu (14.04). The command itself works, but sshd
on ubuntu isn't probably compiled with support for this although I see
"AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in sshd_config. I
don't think the freeipa/sssd ppas package sshd. Any way to get this working
on
Yep sorry I missed that. You need to put your public keys in IPA.
On Apr 29, 2016 3:32 AM, "Jakub Hrozek" wrote:
On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote:
> >
> > Your can still authenticate with SSH keys, but to access any NFS 4
shares
> > they will need a Kerberos ticket, whi
On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote:
> >
> > Your can still authenticate with SSH keys, but to access any NFS 4 shares
> > they will need a Kerberos ticket, which can be obtained via a 'kinit' after
> > logging in.
> >
>
> Then how does the key authentication work if the .s
>
> Your can still authenticate with SSH keys, but to access any NFS 4 shares
> they will need a Kerberos ticket, which can be obtained via a 'kinit' after
> logging in.
>
Then how does the key authentication work if the .ssh directory on nfs4 is
not accessible ? Doesn't the key authentication pr
Your can still authenticate with SSH keys, but to access any NFS 4 shares
they will need a Kerberos ticket, which can be obtained via a 'kinit' after
logging in. I forget what the default timeout is but they do expire, and at
that point access to those shares (by a user or process acting as that
us
>
> Moreover, if you login through an SSH key, you don't get a ticket on
> login and you can't kinit, so you can't access any network resources
> anyway..
>
>
A bit off topic, but a related question:
How does nfsv4 work with ssh keys ? Does it mean that you can't use ssh
keys if /home is nfsv4 moun
Unfortunately I've been swapping tasks enough that I keep forgetting
where I left off here. But I'm pretty sure the problem was that sssd
would stop a user who was disabled (as you mention) but not if they
were expired, either the account itself with krbPrincipalExpiration or
the password with krb
On Thu, Apr 21, 2016 at 01:26:19PM -0400, Steve Huston wrote:
> On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote:
> > Did you test that this actually fails with id_provider=ipa? I would
> > assume the IPA KDC would kick you out and prompt for a new password..
>
> If you're using a password, y
On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote:
> Did you test that this actually fails with id_provider=ipa? I would
> assume the IPA KDC would kick you out and prompt for a new password..
If you're using a password, yes it kicks back and requires you to
change it. The problem is if you'r
On Mon, Apr 18, 2016 at 12:54:48PM -0400, Steve Huston wrote:
> Following instructions in
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-pwd-expiry.html
> sort-of works to get this done, but I wonder if there's a better way
> to do it. My goal
Following instructions in
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-pwd-expiry.html
sort-of works to get this done, but I wonder if there's a better way
to do it. My goal is twofold: when users are created, they will be
required to have a k
12 matches
Mail list logo