Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/2977 If certificates are stored in the user entry they can be used to generate public SSH keys. If multiple certificates are stored in the user entry and one if them is invalid, the whole SSH key generation is canceled. It would be better if only the invalid certificates are skipped on the others are used to generate the public SSH keys.
*** Bug 1299994 has been marked as a duplicate of this bug. ***
[root@dhcp129-184 ~]# rpm -qi sssd Name : sssd Relocations: (not relocatable) Version : 1.13.3 Vendor: Red Hat, Inc. Release : 52.el6 Build Date: Fri 09 Dec 2016 07:56:23 AM EST Install Date: Fri 09 Dec 2016 02:08:14 PM EST Build Host: x86-041.build.eng.bos.redhat.com Group : Applications/System Source RPM: sssd-1.13.3-52.el6.src.rpm Size : 35147 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon ssh prompts for pin when the smartcard has a valid and an invalid cert (revoked/expired)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0632.html