Due to a certificate mapping issue the subsystem certificate can
be mapped into either the subsystem user or pkidbuser, which may
cause problems since the users don't belong to the same groups.
As a temporary solution the pkidbuser is now added into the same
groups. This way the client subsystem can always access the
services regardless of which user the certificate is actually
mapped to.
https://fedorahosted.org/pki/ticket/1595
--
Endi S. Dewata