Thank's for your reply.
If it could help, i cat setup CentOS in same configuration.

It turns out that authentication already worked. I just didn't assume that 
pam_sss doesn't enter user name as it does pam_pkcs11. 
It works so:
1. insert usb token
2. select user name on the gdm screen (how to disconnect user list in gdm 
fedora 24, a method using dconf doesn't work?)
3. see a pin request instead of the password
4. enter PIN
5. login.

But the user doesn't receive kerberos ticket, but id command work correct.
$ klist 
klist: Credentials cache keyring 'persistent:1529438613:1529438613' not found

If the same user enters using password, then receives kerberos ticket.
For me it is a big problem.
sssd-users mailing list --
To unsubscribe send an email to

Reply via email to