Kerberos ticket from SSSD smartcard login
I've got some RHEL 7.5 servers joined to an Active Directory domain using SSSD. I have my smartcard mapped to my AD account with the file I created at /etc/pam_pkcs11/cn_map. This allows me to login, but I do not recieve a kerberos ticket that I can see with klist. When I run kinit, it prompts me for a password, but I need this to work with just my smartcard.
Has anyone been able to get this working? I have been reviewing the Red Hat Windows integration guide and the upstream SSSD project documentation, and have not yet found the answer.
Responses