Hi!
We store our public ssh keys in AD user account (altSecurityIdentities).
Red Hat release 6.6/sssd 1.11.6. Adding
subdomains_provider = none
alone ends in not being able to get the public key but are asked for our
AD user accounts password.
Adding
ldap_groups_use_matching_rule_in_chain = True
ldap_initgroups_use_matching_rule_in_chain = True
makes the logon time so long that it seems that SSSD forgets the content
of the attribute altSecurityIdentities and we are asked for our AD user
accounts password. But logging on immediatly again we are asked for
public key verification.
Red Hat release 7.1/sssd 1.12.2. . Adding
subdomains_provider = none
alone ends in not being able to get the public key but are asked for our
AD user accounts password.
Adding
ldap_groups_use_matching_rule_in_chain = True
ldap_initgroups_use_matching_rule_in_chain = True
gives the same result. AD user accounts password only. But not the
extended logon time.
How come?
Regards
Davor vusir
Show replies by thread