IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
c115efd1e8
freeipa/ipaserver/advise
History
Florence Blanc-Renaud 7729bb73b4 ipa-advise: configure pam_cert_auth=True for smart card on client 
ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.

The fix also forces the use of python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem

Fixes https://pagure.io/freeipa/issue/7532

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-09-19 10:13:15 +02:00
..
plugins ipa-advise: configure pam_cert_auth=True for smart card on client 2018-09-19 10:13:15 +02:00
__init__.py Provide ipa-advise tool 2013-07-17 13:49:59 +02:00
base.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00