Hello,
I'm having trouble adding etoken support to SSSD/OpenLDAP on Gentoo.
I have set up nssdb in /etc/pki/nssdb and added the Safenet library to
access the etoken.
I can successfully get the certificate from the token with:
# /usr/libexec/sssd/p11_child --pre --nssdb=/etc/pki/CA/
Now, on to sssd itself:
I'm trying an ssh login, and the output on the terminal is:
# ssh bar@example.com
Please enter smart card
Please enter smart card
Please enter smart card
bar@example.com: Permission denied (publickey,keyboard-interactive).
I can see in p11_child.log that it uses nssdb to (successfully!)
connect to the smartcard.
I can see the correct label, the correct subject.
The keyId is found (I don't understand why I need it and I'm not sure if
the value I picked is right?)
Anyway, I get my URI; everything seems fine on this side.
Looking at sss_LDAP.log, I can see the request, everything looks cool, I
got:
sssd.dataprovider.pamHandler: Success
On the other side, in sss_pam.log I can see the same request but it ends
with:
[pam_dp_send_req_done] (0x0200): received: [28 (Module inconnu)][LDAP]
(..)
[pam_eval_prompting_config] (0x4000): No prompting configuration found.
(Thu Apr 2 15:23:08 2020) [sssd[pam]] [pam_reply] (0x0200): blen: 21
(Thu Apr 2 15:23:08 2020) [sssd[pam]] [pam_reply] (0x0200): Returning [28]: Module inconnu to the client
(Thu Apr 2 15:23:08 2020) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
I'm confused about how to understand this.
The sssd.conf is attached.
Thanks,
Marc