freeipa/ipaserver/advise/plugins
Florence Blanc-Renaud 7729bb73b4 ipa-advise: configure pam_cert_auth=True for smart card on client
ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.

The fix also forces the use of python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem).

Fixes https://pagure.io/freeipa/issue/7532

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:13:15 +02:00
..
__init__.py Provide ipa-advise tool 2013-07-17 13:49:59 +02:00
admins_sudo.py Advise plugin for enabling sudo for members of the admins group 2018-09-12 10:43:06 -04:00
legacy_clients.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
smart_card_auth.py ipa-advise: configure pam_cert_auth=True for smart card on client 2018-09-19 10:13:15 +02:00