#2186 FAST does not work in SSSD 1.11.2 in Fedora 20
Closed: Fixed None Opened 6 years ago by abbra.

I have configured FreeIPA with two-factor authentication and set up SSSD to try FAST. SSSD runs on IPA master itself:

krb5_use_fast = try
krb5_fast_principal = host/master.ipa.test

When trying to login through SSH to the master.ipa.test, I've entered OTP key and in SSSD logs I can see that SSSD krb5 child did negotiate FAST, obtained the ticket for the user and finally stored it in the keyring ccache. However, SSSD's domain child did receive a response back that it didn't understand, therefore, full logon failed.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.4

Fields changed

resolution: => fixed
status: new => closed

Fields changed

changelog: => Helps enable the use of OTP with an IPA server.

Metadata Update from @abbra:
- Issue set to the milestone: SSSD 1.11.4

2 years ago

Login to comment on this ticket.