Hi, for posterity's sake, this appears to be a problem with kcm (whatever that is, don't know yet, will look it up later).

I turned it off in /etc/krb5.conf.d/kcm_default_ccache (just comment out the two non-comment lines) and after restarting sssd or rebooting, with SELinux enabled, it works. The ticket cache falls back to a keyring one and after logging in with just a PIN code and the certificate in the card, I have a token.

I have learnt a lot about how this works ;-), thanks Sumit, Alexander and, indirectly through her blog post, Florence.

Would it be possible to allow two or more certificates in the smart card? We plan on using YubiKeys, and that is just one of their strengths: several slots to keep different keys.

--
Regards,
natxo
