[Freeipa-users] Smart Card Login on Fedora 23.
Sumit Bose
sbose at redhat.com
Mon Feb 22 16:17:52 UTC 2016
On Mon, Feb 22, 2016 at 10:03:37AM -0600, Michael Rainey (Contractor) wrote:
> Greetings,
>
> I have a question about using smart card authentication on Fedora 23. We
> have worked out a procedure for setting up smart card login on our SL7.2
> systems and it seems to be working very well. However, when trying to use
> the same process on a Fedora 23 system the process starts to fall apart. On
> SL7.2, smart card login on GDM needs to disabled so SSSD can do its job of
> authenticating. Does the same option need to be disabled for SSSD perform
> the smart card login on Fedora 23? Are there any other details that may
> vary from the RHEL7.2 release?
yes, smart card login on GDM needs to disabled as well. Additionally
please check if you PAM configuration in /etc/pam.d/password-auth and
/etc/pam.d/system-auth contain
...
auth [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok
try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
...
If not, running 'authconfig --updateall' might help.
HTH
bye,
Sumit
> --
> *Michael Rainey*
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list