<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi, <br>
</p>
<p>I successfully set up an active trust between my Linux IPA domain
and AD. <br>
I added a few AD accounts to ID views, and I can successfully log in
to my Linux machines with a plain password.<br>
</p>
<p>Now, I added my ssh pub key to these servers and I see two kinds
of behaviour:<br>
<br>
</p>
<ul>
<li>I can log in with the ssh pubkey on a newly created account (with
an ID view).<br>
</li>
<li>But on a previously created account, if I first log in with a
password and then switch to pubkey authentication, I can't log in
without a password.</li>
<li>Conversely, if I remove the key from a user who successfully
authenticated, he can still continue to log in without a password.</li>
</ul>
<p>I suppose there must be a cache system. I tried several
options in sssd.conf, such as <code class="command">offline_credentials_expiration</code>,
<code class="command">account_cache_expiration</code> and <code
class="command">entry_cache_timeout</code>, but
nothing changes.</p>
<p>Thank you for your help.<br>
</p>
<pre class="moz-signature" cols="72">--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
<a class="moz-txt-link-abbreviated" href="mailto:blanchet@abes.fr">blanchet@abes.fr</a> </pre>
</body>
</html>