Shane Frasier via FreeIPA-users wrote:
> Hi Flo,
>
> Thanks for the quick response! I have been following your helpful
> instructions, but we are still baffled. Frankly, I am starting to doubt my
> sanity :)
>
> I removed all certificate and certmap data from a contractor's user account,
>
Also, to be clear, I should mention that the certmap data is used in two
different ways:
1. We perform an ipa certmap-match command from our VPN server to confirm that
the client's certificate is valid
2. The certmap data is used by pkinit when the users kinit using their PIV
(smartcard)
Hi Flo,
Thanks for the quick response! I have been following your helpful
instructions, but we are still baffled. Frankly, I am starting to doubt my
sanity :)
I removed all certificate and certmap data from a contractor's user account,
then ran sss_cache -E to clear the cache. After that I
On 7/14/20 11:29 PM, Shane Frasier via FreeIPA-users wrote:
Hello,
I have users who kinit using their PIV (smartcard) certificates. Everything works great
for users who happen to be "full" employees, but contractors' certificates
never match.
"Full" employees have certificates issues by: