Re: [Freeipa-users] FreeIPA with smart card using LightDM
Sumit, Thank you for taking the time to reply to may questions. I'm interested in trying out the suggested test build. I do have a question about using the build. Will the build contain the feature of locking the screen when the smart card is removed? Let me know when the test build is ready. Thanks, *Michael Rainey* On 04/29/2016 03:28 AM, Sumit Bose wrote: On Thu, Apr 28, 2016 at 04:09:16PM -0500, Michael Rainey (Contractor) wrote: I am wondering if anyone out there is currently using freeIPA with smart cards along with LightDM. I have systems running SL7.2 with GDM and I have users that prefer to use XFCE or KDE over the default GNOME-Shell. The problem with GDM is I am not able to get screen lock feature to work across multiple desktop environments. If anyone uses XFCE, xscreensaver will need to be installed so they can lock their screen. This choice also makes using the smart card useless when logging back into the system. Also, I haven't been able call the lock screen from the command-line. What examples I have found do not work due to a missing ScreenSaver object. If anyone has any good solutions to this problem I would enjoy hearing them. Since Smartcard authentication does not make sense for all PAM services SSSD uses a list of services where it would offer Smartcard authentication. Currently this list is static and based on a default RHEL or Fedora setup. We already have https://fedorahosted.org/sssd/ticket/2926 to make this list configurable and Lukas already wrote an initial patch for it https://lists.fedorahosted.org/archives/list/sssd-de...@lists.fedorahosted.org/message/FQWOBQV6FFCBKZS2EXKIJU74473E7R7Y/ If you are interested I can provide you with a test build where XFCE, KDM and xscreensaver are included, just let me know for which platform you will need it. bye, Sumit Thanks in advance. -- *Michael Rainey* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA with smart card using LightDM
On Thu, Apr 28, 2016 at 04:09:16PM -0500, Michael Rainey (Contractor) wrote: > I am wondering if anyone out there is currently using freeIPA with smart > cards along with LightDM. I have systems running SL7.2 with GDM and I have > users that prefer to use XFCE or KDE over the default GNOME-Shell. The > problem with GDM is I am not able to get screen lock feature to work across > multiple desktop environments. If anyone uses XFCE, xscreensaver will need > to be installed so they can lock their screen. This choice also makes using > the smart card useless when logging back into the system. Also, I haven't > been able call the lock screen from the command-line. What examples I have > found do not work due to a missing ScreenSaver object. > > If anyone has any good solutions to this problem I would enjoy hearing them. Since Smartcard authentication does not make sense for all PAM services SSSD uses a list of services where it would offer Smartcard authentication. Currently this list is static and based on a default RHEL or Fedora setup. We already have https://fedorahosted.org/sssd/ticket/2926 to make this list configurable and Lukas already wrote an initial patch for it https://lists.fedorahosted.org/archives/list/sssd-de...@lists.fedorahosted.org/message/FQWOBQV6FFCBKZS2EXKIJU74473E7R7Y/ If you are interested I can provide you with a test build where XFCE, KDM and xscreensaver are included, just let me know for which platform you will need it. bye, Sumit > > Thanks in advance. > -- > *Michael Rainey* > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] FreeIPA with smart card using LightDM
I am wondering if anyone out there is currently using freeIPA with smart cards along with LightDM. I have systems running SL7.2 with GDM and I have users that prefer to use XFCE or KDE over the default GNOME-Shell. The problem with GDM is I am not able to get screen lock feature to work across multiple desktop environments. If anyone uses XFCE, xscreensaver will need to be installed so they can lock their screen. This choice also makes using the smart card useless when logging back into the system. Also, I haven't been able call the lock screen from the command-line. What examples I have found do not work due to a missing ScreenSaver object. If anyone has any good solutions to this problem I would enjoy hearing them. Thanks in advance. -- *Michael Rainey* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
