So here are the three logfiles as a gzipped tar-ball.
I did some cleanup for data protection purposes:
1. Where the certificate used was listed as a base64-encoded string I replaced 
it with ... and some trailing bytes of the string.
2. I replaced the real realm and domain used with the word "realm" where the 
realm appeared in lowercase and "REALM" where the realm appeared in upper case. 
In sssd.conf the domain and the realm are the same and given in upper case.
The subject name of the certificate used for the tests was "CN=bernd, 
UID=<number>". Obviously one can't deduce the domain or realm of the user from 
the subject given in the certificate. The ldap-entry of the user does not 
contain the domain or the kerberos principal name either, the principal name is 
found as a subject alt name extension in the certificate only (which is 
included in the ldap-entry of the user).
I probably have to change something here, be it including the kerberos 
principal name in the ldap entry of the user or in the subject name of the 
certificate or some totally different kind of magic.

Thank you in advance for any help here.
Tallinn

Attachment: sssd_pam.log.tar.gz
Description: application/gzip

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
