It turns out that this was a permissions issue. Everything works now. Thanks.
On Sat, Apr 30, 2016 at 11:26 PM, Prasun Gera <[email protected]> wrote: > Ah, this doesn't work on ubuntu (14.04). The command itself works, but > sshd on ubuntu isn't probably compiled with support for this although I see > "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in sshd_config. I > don't think the freeipa/sssd ppas package sshd. Any way to get this working > on ubuntu 14.04 ? > > On Fri, Apr 29, 2016 at 12:30 PM, Anon Lister <[email protected]> > wrote: > >> Yep sorry I missed that. You need to put your public keys in IPA. >> On Apr 29, 2016 3:32 AM, "Jakub Hrozek" <[email protected]> wrote: >> >> On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote: >> > > >> > > Your can still authenticate with SSH keys, but to access any NFS 4 >> shares >> > > they will need a Kerberos ticket, which can be obtained via a 'kinit' >> after >> > > logging in. >> > > >> > >> > Then how does the key authentication work if the .ssh directory on nfs4 >> is >> > not accessible ? Doesn't the key authentication process rely on >> > .ssh/authorized keys being readable by the authentication module ? >> >> SSSD can fetch the authorized keys from IPA, see man >> sss_ssh_authorizedkeys(1) >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
