On Wed, Nov 28, 2018 at 04:57:17PM -0700, Orion Poplawski wrote:
> I configured a YubiKey on Windows using the YubiKey minidriver with the
> following certificates:
> 
> - my "orion" certificate - went into slot 9a PIV Auth
> - A MacOS keychain cert per their docs - went into slot 9d Key Management
> - Another auth certificate for "orion-admin" - went into slot 82
> 
> I'm able to authenticate on Windows as either orion or orion-admin, but on
> Linux with sssd it does not see the orion-admin certificate.  What needs to
> happen to support this?

Which version of SSSD are you using?

Can you send the output of

    p11tool  --list-all --provider opensc-pkcs11.so

and

    /usr/libexec/sssd/p11_child -d 10 --debug-fd=1 --nssdb=/etc/pki/nssdb --pre

(in case you use a very recent OpenSSL build of SSSD please use
'--nssdb=/etc/sssd/pki/sssd_auth_ca_db.pem' or the place where your CA
certificates are stored).

bye,
Sumit

> 
> Thanks!
> 
> -- 
> Orion Poplawski
> Manager of NWRA Technical Systems          720-772-5637
> NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> 3380 Mitchell Lane                       [email protected]
> Boulder, CO 80301                 https://www.nwra.com/
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]