Hi, so, this might be a bit of a conundrum, as I haven’t seen this kind of implementation documented and instead IPA is used.
We’re trying to implement SSO on some SLED workstations with 389ds as the id provider and Kerberos with PKINIT as the auth provider. We managed to log in to the GNOME desktop whenever we use just Kerberos with a shared secret and NOT with PKINIT. We also managed to authenticate against the KDC with PKINIT and generate the TGT within the GNOME desktop, but when we try to log in with PKINIT (using a smartcard at the GDM login screen), GDM freezes and never opens the desktop.
We have the certificates inside the smartcard mapped in sssd and we think the login is succeeding, and the problem might be coming from a wrong PAM configuration, but I personally haven’t found any documentation on SLE. I’ve seen it documented for Ubuntu and RHEL, but I haven’t been able to replicate the configuration here.