On Wed, Feb 03, 2016 at 01:14:20PM -0600, Michael Rainey (Contractor) wrote: > Please disregard this message. I discovered the answer after the message > was sent. > > There is a locks file in /etc/dconf/db/distro.d/locks. I edited the > /etc/dconf/db/distro.d/10-authconfig and rebooted. It is recognizing the > smartcard now.
Don't switch on the Smartcard support in gdm, if will force gdm to use pam_krb5 and pam_pkcs11. Just use the default configuration after running ipa-client-install and add 'pam_cert_auth = True' to the [pam] section of sssd.conf. If now a user tries to login via gdm or the console and has a Smartcard inserted which has a certificate which matches the one in the user entry on the IPA server SSSD will not ask for a password but for the Smartcard PIN. HTH bye, Sumit > > *Michael Rainey* > NRL 7320 > Computer Support Group > Building 1009, Room C156 > Stennis Space Center, MS 39529 > On 02/03/2016 12:52 PM, Michael Rainey (Contractor) wrote: > >Hello, > > > >How does one manually enable smart card login on GDM without using the > >authconfig command? I've tried using gsettings and dconf-editor. The > >"enable-smartcard-authentication" seems to locked at false. > > > >Sumit suggested to not use authconfig to enable smartcard login, because > >it tweaks the pam configuration to the point that an IPA client is unable > >to authenticate using the smartcard. > > > >Any suggestions? > >-- > >*Michael Rainey* > >NRL 7320 > >Computer Support Group > >Building 1009, Room C156 > >Stennis Space Center, MS 39529 > > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project