Hi,
Ok, I don't know where to start, but let's see if I can explain this.
We use a product that uses certificates (a la smart cards) to log in
RHEL 8/9 on behalf of users.
Sumit has helped me in June but we didn't finish debugging this.
The bottom of the issue is that, when krb5-pkinit is present on the
system, the certificates do not work. When it isn't, it works.
On RHEL 8, for example, it works right away, after I configure sssd.conf
and install the CA certificates. But Sumit asked me if krb5-pkinit was
installed, and it wasn't. When I install it, it breaks the whole thing.
On RHEL 9, krb5-pkinit comes pre-installed. So the certificate-based
authentication doesn't work. I then remove the package. It then starts
to work.
Is there something I'm missing here? Should I somehow configure
krb5-pkinit in a way that I can get my certificate/smartcard
authentication to work with krb5-pkinit installed? Are there any
security issues to have that authentication working without the
krb5-init?
Best,
Francis
--
Francis Augusto Medeiros-Logeay
Oslo, Norway
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
