On Thu, Mar 12, 2020 at 03:13:57PM -0000, Hristina Marosevic wrote:
On Fri, Mar 06, 2020 at 12:44:35PM -0000, Hristina Marosevic wrote:
Hi,
no [pam] is not needed for your use case, access via ssh.
This command looks for certificates from a Smartcard connected to the local system. However p11_child is used to validate the certificates for the ssh key generation as well. You should add debug_level = 9 to the [ssh] section of sssd.conf and then check sssd_ssh.log and p11_child.log after calling sss_ssh_authorized_keys.
HTH
bye, Sumit
I can not find a file named p11_child.log (i searched everything from the root directory) The only thing related to p11_child is executable /usr/libexec/sssd/p11_child - should I use it to generate log? Can you please help me with this?
Hi,
the file should be in the SSSD log directory, so typically /var/log/sssd/p11_child.log.
Since it does not exists, p11_child was not called to validate the certificates. In this case sssd_ssh.log is the only source of information. Feel free to send the file or the part of the log file which covers the time where sss_ssh_authorized_keys was called.
bye, Sumit
BR, Hristina _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...