Just an update. The fix for me is setting this in the pam stanza pam_response_filter = ENV:KRB5CCNAME
On 19 July 2018 at 12:56, John Hearns <hear...@googlemail.com> wrote: > Jakub, > again thankyou for your reply. I am still debugging this one. I think I > have narrowed it down to a PAM configuration, after I ran sssd with a high > debug level. > For anyone following this thread: > > /usr/sbin/ssshd -ddd > > The failure I get is: PAM: do_pam_account pam_acct_mgmt = 4 (System error) > > I think (not sure yet) that the problem is in pam.d/common-account where a > local user is looked for: > account sufficient pam_localuser.so > > I have been getting different behaviour this morning - I suspect because > of sssd cacheing. Am running now with > memcache_timeout = 0 > > > > > > > > > > > > > > > > > > > On 19 July 2018 at 11:18, Jakub Hrozek <jhro...@redhat.com> wrote: > >> >> >> > On 11 Jul 2018, at 15:28, John Hearns <hear...@googlemail.com> wrote: >> > >> > I have set up an sss_override for my user account >> > >> > johe:*:1234:1234:John Hearns,,,:/home/johe:/bin/bash >> > >> > I also have an entry in the locla /etc/passwd file. >> > When I ssh to a server running sssd my ssh key is accepted. >> > >> > When I have no local /etc/passwd >> > When I ssh to a server running sssd my ssh key is not used and I am >> prompted for a password >> >> Is that a local SSH key stored in the user’s home or in LDAP? If a local >> one, then I think the only important thing is to tell SSH where to look at, >> so the homedir must be correct and of course the user must have the correct >> UID and GID to be allowed to enter that homedir. >> >> > >> > Can anyone explain please? >> > >> > The answer will be along the lines of at what stage in the ssh login >> the override is being 'honoured' >> > However this is a bit of a major problem. I guess also I will be told >> that I have done something wrong. >> > _______________________________________________ >> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org >> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: https://lists.fedoraproject.or >> g/archives/list/sssd-users@lists.fedorahosted.org/message/AR >> ZQMHUEUBXR53P7XG5QSFMDU6KHBK3O/ >> _______________________________________________ >> sssd-users mailing list -- sssd-users@lists.fedorahosted.org >> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.or >> g/archives/list/sssd-users@lists.fedorahosted.org/message/DL >> 67YE2ZEIQ5LY2UCIVRRW5U7DLM7LMZ/ >> > >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/OG4J7BNRRMUXXQKJWJQZRWKOQ2P6742U/