Thank's for your reply.
If it could help, i cat setup CentOS in same configuration.
It turns out that authentication already worked. I just didn't assume that
pam_sss doesn't enter user name as it does pam_pkcs11.
It works so:
1. insert usb token
2. select user name on the gdm screen (how to disconnect user list in gdm
fedora 24, a method using dconf doesn't work?)
3. see a pin request instead of the password
4. enter PIN
But the user doesn't receive kerberos ticket, but id command work correct.
klist: Credentials cache keyring 'persistent:1529438613:1529438613' not found
If the same user enters using password, then receives kerberos ticket.
For me it is a big problem.
sssd-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org