On 11/28/18 4:57 PM, Orion Poplawski wrote: > I configured a YubiKey on Windows using the YubiKey minidriver with the > following certificates: > > - my "orion" certificate - went into slot 9a PIV Auth > - A MacOS keychain cert per their docs - when into slot 9d Key Management > - Another auth certificate for "orion-admin" - went into slot 82 > > I'm able to authenticate on Windows as either orion or orion-admin, but on > Linux with sssd it does not see the orion-admin certificate. What needs to > happen to support this? > > Thanks! >
After reading some of: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf I'm very curious as to why the admin key and certificate went into slot 82. From my understanding slots 82-95 are for "Retired Key Management" - i.e. keys that have been retired/expired/replaced. Unless this specification has been abandoned in some way? I've asked the above question of Yubico - perhaps they will have an answer. In any case this is definitely a non-standard application. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org