[Freeipa-users] ssh pubkeys and AD
Nathanaël Blanchet
blanchet at abes.fr
Wed Feb 15 16:58:19 UTC 2017
Hi,
I successfully set up an active trust between my Linux IPA domain and AD.
I added a few AD accounts to ID views, and I can successfully log in to my
Linux machines with a plain password.
Now, I added my SSH pub key to these servers and I see two kinds of
behaviour:
* I can log in with the SSH pubkey on a newly created account (with ID view).
* But on a previously created account, if I first log in with a password
  and switch to pubkey authentication, I can't log in without a password.
* Conversely, if I remove the key from a user who successfully
  authenticated, he can still continue to log in without a password.
I suppose there must be a cache system. I tried several options in
sssd.conf such as offline_credentials_expiration,
account_cache_expiration and entry_cache_timeout, but nothing changes.
Thank you for your help.
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet at abes.fr