Hello all.
I have CentOS 7.6 with the latest updates. After using realmd, authentication of AD 
users with a password works well.
I am trying to use smartcards to authenticate users from AD on the Linux machines.
After a lot of googling I can use PKINIT to get Kerberos tickets for a user by 
using a smartcard and a PIN code. This is my krb5.conf:

# cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}


 default_realm = "Domain"
 pkinit_anchors = FILE:/etc/pki/nssdb/ca.cer
 pkinit_identities = PKCS11:/usr/lib64/libeTPkcs11.so
 pkinit_eku_checking = kpServerAuth
 pkinit_kdc_hostname = "Domain controller1"
 pkinit_kdc_hostname = "Domain controller2"
 pkinit_kdc_hostname = "Domain controller3"
 canonicalize = True


[realms]

 "Domain" {
  kdc = "Domain controller1"
  kdc = "Domain controller2"
  kdc = "Domain controller3"
  admin_server = "Domain controller1"
  default_domain = "Domain"
 }

[domain_realm]
 domain = DOMAIN
 .domain = DOMAIN

I put this section inside sssd.conf:
[pam]
pam_cert_auth = true

I think the next step will be to configure the pam.d files, but at this step I met 
some problems.
Maybe somebody can send me working files from pam.d?
What is the next step to set up authentication for GNOME Desktop on CentOS 7.6?

P.S. "authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=1 --updateall" doesn't work well for me.
_______________________________________________
sssd-users mailing list -- [email protected]