On Tue, Feb 09, 2016 at 04:54:55PM -0600, Michael Rainey (Contractor) wrote:
> Greetings,
> 
> I have a question about migrating a system from NIS to freeIPA.  In my
> efforts of setting up a host on freeIPA I would normally use a fresh install
> to setup the system.  I'm now at a point where I'm moving existing systems
> from an NIS domain to a freeIPA domain.  Is it recommended to perform a
> clean install for every new host added to the domain?
> 
> During my testing, I have found running the ipa-client-install command does
> a great job of adding the host to the domain, but when I try to use the
> smart card it is never recognized by gdm.  I tried tweaking some of the
> configurations to get GDM to recognize the card with no luck.  Is there a
> checklist available that I could follow to make sure everything is

All you have to do after running ipa-client-install is to add
'pam_cert_auth = True' to the [pam] section of sssd.conf. This is not
enabled by default since checking the Smartcard in the reader takes some
time and will slow down authentication.

If new a user tries to login which has his certificates stored in the
user entry on the IPA server and a Smartcard with a certificate in the
reader gdm will not ask for a password but for the Smartcard pin.

HTH

bye,
Sumit

> configured properly?  All configurations work when using a username and
> password.
> -- 
> *Michael Rainey*

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to