Description of problem:
If a RHEL6 IPA client is connected to a RHEL-7.4 or above IPA server with trust to and AD forest certificates stored in the AD user are written to the SSSD cache of the RHEL6 client in a wrong encoding.
Version-Release number of selected component (if applicable):
With the setup described above run the SSSD ssh responder with debug_level=9 and call 'sss_ssh_authorized_keys firstname.lastname@example.org'.
In the sssd_ssh.log there will be log messages like:
[sssd[ssh]] [cert_to_ssh_key] (0x0040): CERT_NewTempCertificate failed.
indicating that the certificate data is not in the expected format.
The RHEL6 build misses SSSD commit https://pagure.io/SSSD/sssd/c/cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6?branch=master