Noted, I'll hit 'reply-all' from now on.
Looking over those links you sent me, I've decided to:
- Ran 'ipa user-show $user' and verified the certificate returned
- Ran 'ipa certmap-match cert.pem' on an extracted certificate that is also on the SmartCard, it returned my user.
- Ran 'kinit' and it reacted to my smartcard being present, asking for a PIN along with my username being displayed, giving the default pin of '123456' it returned an error I haven't been able to decipher yet:
'kinit: KDC policy rejects request while getting initial credentials'
I think this is the current blocking point in the authentication
process, any ideas what it fully means? My google-fu has failed me
here.
r0nam1 wrote:So far it's a lot of 'I thinks'. I think I've configured OpenSC and pcscd correctly, I think I've configured SSSD correctly, and I think I've configured PAM correctly, if you can give me a list of relevant logs or test commands (Even full directory's of logs) I'll do what I can.Please keep responses on the list. The log to see depends on the behavior. Some additional readings (some are rather old but still relevant): https://floblanc.wordpress.com/?s=smart https://frasertweedale.github.io/blog-redhat/posts/2016-08-12-yubikey-sc-login.html rob