Re: [Freeipa-users] Enabling smart card on GDM manually.
On Wed, Feb 03, 2016 at 01:14:20PM -0600, Michael Rainey (Contractor) wrote: > Please disregard this message. I discovered the answer after the message > was sent. > > There is a locks file in /etc/dconf/db/distro.d/locks. I edited the > /etc/dconf/db/distro.d/10-authconfig and rebooted. It is recognizing the > smartcard now. Don't switch on the Smartcard support in gdm, if will force gdm to use pam_krb5 and pam_pkcs11. Just use the default configuration after running ipa-client-install and add 'pam_cert_auth = True' to the [pam] section of sssd.conf. If now a user tries to login via gdm or the console and has a Smartcard inserted which has a certificate which matches the one in the user entry on the IPA server SSSD will not ask for a password but for the Smartcard PIN. HTH bye, Sumit > > *Michael Rainey* > NRL 7320 > Computer Support Group > Building 1009, Room C156 > Stennis Space Center, MS 39529 > On 02/03/2016 12:52 PM, Michael Rainey (Contractor) wrote: > >Hello, > > > >How does one manually enable smart card login on GDM without using the > >authconfig command? I've tried using gsettings and dconf-editor. The > >"enable-smartcard-authentication" seems to locked at false. > > > >Sumit suggested to not use authconfig to enable smartcard login, because > >it tweaks the pam configuration to the point that an IPA client is unable > >to authenticate using the smartcard. > > > >Any suggestions? > >-- > >*Michael Rainey* > >NRL 7320 > >Computer Support Group > >Building 1009, Room C156 > >Stennis Space Center, MS 39529 > > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Enabling smart card on GDM manually.
Hello, How does one manually enable smart card login on GDM without using the authconfig command? I've tried using gsettings and dconf-editor. The "enable-smartcard-authentication" seems to locked at false. Sumit suggested to not use authconfig to enable smartcard login, because it tweaks the pam configuration to the point that an IPA client is unable to authenticate using the smartcard. Any suggestions? -- *Michael Rainey* NRL 7320 Computer Support Group Building 1009, Room C156 Stennis Space Center, MS 39529 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Enabling smart card on GDM manually.
Please disregard this message. I discovered the answer after the message was sent. There is a locks file in /etc/dconf/db/distro.d/locks. I edited the /etc/dconf/db/distro.d/10-authconfig and rebooted. It is recognizing the smartcard now. *Michael Rainey* NRL 7320 Computer Support Group Building 1009, Room C156 Stennis Space Center, MS 39529 On 02/03/2016 12:52 PM, Michael Rainey (Contractor) wrote: Hello, How does one manually enable smart card login on GDM without using the authconfig command? I've tried using gsettings and dconf-editor. The "enable-smartcard-authentication" seems to locked at false. Sumit suggested to not use authconfig to enable smartcard login, because it tweaks the pam configuration to the point that an IPA client is unable to authenticate using the smartcard. Any suggestions? -- *Michael Rainey* NRL 7320 Computer Support Group Building 1009, Room C156 Stennis Space Center, MS 39529 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project