After entering the correct pin for the card, this is an anonymized version of krb5_child.log: (2021-05-06 16:27:42): [krb5_child[598307]] [main] (0x0400): krb5_child started. (2021-05-06 16:27:42): [krb5_child[598307]] [unpack_buffer] (0x1000): total buffer size: [189] (2021-05-06 16:27:42): [krb5_child[598307]] [unpack_buffer] (0x0100): cmd [249] uid [57252887] gid [57200513] validate [true] enterprise principal [true] offline [false] UPN [usern...@xxxxx.xxxxx.net (2021-05-06 16:27:42): [krb5_child[598307]] [unpack_buffer] (0x2000): No old ccache (2021-05-06 16:27:42): [krb5_child[598307]] [unpack_buffer] (0x0100): ccname: [KCM:] old_ccname: [not set] keytab: [/etc/krb5.keytab] (2021-05-06 16:27:42): [krb5_child[598307]] [check_use_fast] (0x0100): Not using FAST. (2021-05-06 16:27:42): [krb5_child[598307]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket (2021-05-06 16:27:42): [krb5_child[598307]] [switch_creds] (0x0200): Switch user to [0][0]. (2021-05-06 16:27:42): [krb5_child[598307]] [switch_creds] (0x0200): Already user [0]. (2021-05-06 16:27:42): [krb5_child[598307]] [main] (0x2000): Running as [0][0]. (2021-05-06 16:27:42): [krb5_child[598307]] [set_lifetime_options] (0x0100): No specific renewable lifetime requested. (2021-05-06 16:27:42): [krb5_child[598307]] [set_lifetime_options] (0x0100): No specific lifetime requested. (2021-05-06 16:27:42): [krb5_child[598307]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true] (2021-05-06 16:27:42): [krb5_child[598307]] [main] (0x0400): Will perform pre-auth (2021-05-06 16:27:42): [krb5_child[598307]] [tgt_req_child] (0x1000): Attempting to get a TGT (2021-05-06 16:27:42): [krb5_child[598307]] [get_and_save_tgt] (0x4000): Found Smartcard credentials, trying pkinit. (2021-05-06 16:27:42): [krb5_child[598307]] [get_pkinit_identity] (0x4000): Got [IDPrime (basic)][/usr/lib64/pkcs11/libiidp11.so]. (2021-05-06 16:27:42): [krb5_child[598307]] [get_pkinit_identity] (0x4000): Using pkinit identity [PKCS11:module_name=/usr/lib64/pkcs11/libiidp11.so:token=IDPrime (basic):certid=800E531104A944C4]. (2021-05-06 16:27:42): [krb5_child[598307]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [XXXXX.XXXXX.NET] (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656719: Getting initial credentials for username\@xxxxx.xxxxx....@xxxxx.xxxxx.net
(2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656721: Sending unauthenticated request (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656722: Sending request (244 bytes) to XXXXX.XXXXX.NET (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656723: Sending initial UDP request to dgram 192.168.0.1:88 (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656724: Received answer (215 bytes) from dgram 192.168.0.1:88 (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656725: Response was from master KDC (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656726: Received error from KDC: -1765328359/Additional pre-authentication required (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656729: Preauthenticating using KDC method data (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656730: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-T$ (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656731: Selected etype info: etype aes256-cts, salt "XXXXX.XXXXX.NETusername", params "" (2021-05-06 16:27:42): [krb5_child[598307]] [sss_krb5_responder] (0x4000): Got question [password]. (2021-05-06 16:27:42): [krb5_child[598307]] [sss_krb5_prompter] (0x4000): sss_krb5_prompter name [(null)] banner [(null)] num_prompts [1] EINVAL. (2021-05-06 16:27:42): [krb5_child[598307]] [sss_krb5_prompter] (0x4000): Prompt [0][Password for username\@xxxxx.xxxxx....@xxxxx.xxxxx.net]. (2021-05-06 16:27:42): [krb5_child[598307]] [sss_krb5_prompter] (0x0020): Cannot handle password prompts. (2021-05-06 16:27:42): [krb5_child[598307]] [sss_child_krb5_trace_cb] (0x4000): [598307] 1620311262.656732: Preauth module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read password (2021-05-06 16:27:42): [krb5_child[598307]] [sss_krb5_get_init_creds_password] (0x0020): 1627: [-1765328174][Pre-authentication failed: Cannot read password] (2021-05-06 16:27:42): [krb5_child[598307]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328174] during pre-auth. (2021-05-06 16:27:42): [krb5_child[598307]] [k5c_send_data] (0x0200): Received error code 0 (2021-05-06 16:27:42): [krb5_child[598307]] [pack_response_packet] (0x2000): response packet size: [12] (2021-05-06 16:27:42): [krb5_child[598307]] [k5c_send_data] (0x4000): Response sent. (2021-05-06 16:27:42): [krb5_child[598307]] [main] (0x0400): krb5_child completed successfully _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
