freeipa/ipaserver
Florence Blanc-Renaud 7729bb73b4 ipa-advise: configure pam_cert_auth=True for smart card on client
ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.

The fix also forces the use of python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem

Fixes https://pagure.io/freeipa/issue/7532

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:13:15 +02:00
..
advise ipa-advise: configure pam_cert_auth=True for smart card on client 2018-09-19 10:13:15 +02:00
dnssec Fix pylint 2.0 conditional-related violations 2018-07-12 08:49:43 +02:00
install Remove options.promote from install in ipaserver/install/server/install 2018-09-12 13:11:21 +02:00
plugins Add title to remove dialog of 'Trusts' entity 2018-09-18 13:51:51 +02:00
secrets Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
dcerpc_common.py trust: detect and error out when non-AD trust with IPA domain name exists 2017-12-07 21:18:51 +02:00
dcerpc.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
dns_data_management.py Fix race condition in get_locations_records() 2018-07-09 14:36:42 +02:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
p11helper.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
rpcserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00
servroles.py Removes NTP server role from servroles and description 2018-04-09 11:00:02 -04:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
topology.py fix incorrect suffix handling in topology checks 2017-06-05 18:37:37 +02:00