Hello, Quick question, in our krb5.conf we have defined pkinit_identities = PKCS11:/path_to_smartcard_lib pkinit_anchors = FILE:/path_to_cert to allow people to get a kerberos ticket whenever they login.
Now, we also configured sssd to use kerberos as authentication method, which means sssd will try to do a pkinit to get the kerberos ticket (that is, when sssd makes a kinit to get a ticket, it will use the krb5.conf defaults and try to do a kinit with pkinit enabled, which will fail). Now, my question is, can i make sssd to not use pkinit when doing a kinit ? Does that makes sense ? Any suggestions are welcome. Best regards, Patrik Martinsson, Sweden. _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
