[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth martbab commented: """ master: * 0569c02f17f853d97280f52f4a7fefecc72cf45d Extend the advice printing code by some useful abstractions *

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth abbra commented: """ @martbab, definitely `authconfig` in fc25 is too old for this. On F26 I have version 7.0.1-1. It does announce support for SSSD smartcard

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth martbab commented: """ Also I get the following error when running authconfig: ```console authconfig: Authentication module /lib64/security/pam_pkcs11.so is

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth abbra commented: """ Note that "directly" may actually mean using a virtualized remote smart card access which is provided via virtualized USB pass-through done by

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth abbra commented: """ @martbab, this actually makes full sense -- if you want to increase the security of your IPA masters, you might force using smart cards only to

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth martbab commented: """ @flo ah sorry I missed that. I will incorporate it into advise then. """ See the full comment at

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth martbab commented: """ That section[1] only instructs to configure `pam_cert_auth=true` in the SSSD's `pam` section which is already done on both server and client,

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth abbra commented: """ It is all documented in

[Freeipa-devel] [freeipa PR#854][comment] server-side and client-side advises for configuring smart card auth

URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth abbra commented: """ Thanks. Comments so far: * client configuration does not make sure to ask for a removal of `pam_pkcs11` package * client configuration does not