We have smartcards (PIV) working just fine on Fedora 25 with FreeIPA client
version 4.4.4 (SSSD 1.14.2). However on Ubuntu 16.04, FreeIPA client
4.3.1, SSSD 1.13.4 the smartcard seems to be ignored.
The smartcard is readable using pkcs11-tools and pkcs15-tools on both
systems.
On both systems sssd.conf contains:
[pam]
pam_cert_auth = True
I've turned the sssd logging up to 9 on both systems and it looks like
p11_child is never called on the Ubuntu system. On the Ubuntu system
p11_child.log is empty and there is no sign of it being started in the
sssd_pam.log.
Any suggestions on what I should look at next?
Thanks,
Steve