2013/3/19 Jakub Hrozek <jhrozek(a)redhat.com>
On Tue, Mar 19, 2013 at 07:15:21PM +0100, Jakub Hrozek wrote:
> On Tue, Mar 19, 2013 at 01:56:20PM -0400, Mathieu Lemoine wrote:
> > Hello,
> > I have sssd 1.9.4 (from
> > https://launchpad.net/~nicholas-hatch/+archive/auth/+packages
> > on an OpenLDAP server.
> > getent passwd, getent group, authentication and cache are working great.
> > My issue now lies with the SSH public key.
> > My user has the ldapPublicKey objectClass, and the key is in the
> > sshPublicKey attribute.
> > sss_ssh_authorizedkeys is still returning "Error looking up public
> > An inquiry on the #sssd chan directed me to this mailing-list and more
> > precisely to jcholast, I tried to check out the commits, but nothing
> > to get out of it...
> Full disclosure: I was the one who redirected Mathieu to you, Honza :-)
> > If any of you had information regarding that, it'd be greatly
> > Mathieu.
> I think as a first step, it would be nice to put debug_level=8 into the
> [ssh] section of the sssd.conf file, restart the SSSD and then attach
> the ssh responder logs (/var/log/sssd/sssd_nss.log).
Sorry, this is a copy-n-paste error. The *ssh* responder log is located
The path I copied was the *nss* responder log. Sorry again.
Ok, so first point, I didn't know I needed a sss responder for ssh (not
mentioned anywhere as far as I know). Thanks for this.
I added ", ssh" to the "services" line and restarted sssd.
sss_ssh.log stays hopelessly empty even with debug_level 10 and I still
have the "sshPublicKey is not available" in sss_office.log
However sss_ssh_authorizedkeys now doesn't return any error, just a big
Attached is the ldif of my user (I removed any sensitive information,
anyway, the entry has been fetched using anonymous access, so passwords and
such have been left aside).