On Wed, Sep 21, 2016 at 12:58:52PM -0000, niger niger wrote:
> Thank's for your reply.
> If it could help, i cat setup CentOS in same configuration.
> It turns out that authentication already worked. I just didn't assume that
> pam_sss doesn't enter user name as it does pam_pkcs11.
> It works so:
> 1. insert usb token
> 2. select user name on the gdm screen (how to disconnect user list in gdm
> fedora 24, a method using dconf doesn't work?)
Please note that gdm uses the dconf profile 'gdm' with is configured as:
# cat /usr/share/dconf/profile/gdm
If I understand it correctly you have to modify the dconf configuration
as user gdm with DCONF_PROFILE=gdm set.
> 3. see a pin request instead of the password
> 4. enter PIN
> 5. login.
> But the user doesn't receive kerberos ticket, but id command work correct.
> $ klist
> klist: Credentials cache keyring 'persistent:1529438613:1529438613' not found
I'm sorry, but pkinit is currently work-in-progress. I might be able to
prepare a test package for Fedora 24 at the end of next week. If you
don't mind please ping me next week to get an update.
> If the same user enters using password, then receives kerberos ticket.
> For me it is a big problem.
> sssd-users mailing list -- email@example.com
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
sssd-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org