On to, 15 marras 2018, Natxo Asenjo via FreeIPA-users wrote:
hi,
I can successfully login using a smartcard (fedora 29 client, centos 7
kdcs, latest patch level).
However, when I try to access a kerberized service, I need to kinit first,
because I don't have a ticket:
$ klist
klist: Credentials cache 'KCM:1006000001' not found
I already have krb5-pkinit in de client and if I kinit -n I get a
wellknown/anonymous ticket from the kdcs, but this is obviously not what I
had in mind :-)
Am I doing something wrong or is this to be expected?
Enable debug_level=9 in sssd
configuration (domain section) and try to
login with smartcard, then provide krb5_child.log to see what's
happening.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland