On Wed, Sep 21, 2016 at 12:58:52PM -0000, niger niger wrote: > Thank's for your reply. > If it could help, i cat setup CentOS in same configuration. > > It turns out that authentication already worked. I just didn't assume that > pam_sss doesn't enter user name as it does pam_pkcs11. > It works so: > 1. insert usb token > 2. select user name on the gdm screen (how to disconnect user list in gdm > fedora 24, a method using dconf doesn't work?)
Please note that gdm uses the dconf profile 'gdm' with is configured as: # cat /usr/share/dconf/profile/gdm user-db:user file-db:/usr/share/gdm/greeter-dconf-defaults If I understand it correctly you have to modify the dconf configuration as user gdm with DCONF_PROFILE=gdm set. > 3. see a pin request instead of the password > 4. enter PIN > 5. login. > > But the user doesn't receive kerberos ticket, but id command work correct. > $ klist > klist: Credentials cache keyring 'persistent:1529438613:1529438613' not found I'm sorry, but pkinit is currently work-in-progress. I might be able to prepare a test package for Fedora 24 at the end of next week. If you don't mind please ping me next week to get an update. bye, Sumit > > If the same user enters using password, then receives kerberos ticket. > For me it is a big problem. > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org