I hope somebody can answer this for me and clarify questions I have about this process. If this is not the right place to ask the question please tell me where I might be able to get answers to my questions.
I want a Linux machine to become a user of the active directory Does SSD configure you to be part of the Windows domain or is it only using a small part such as list, positions of things, resource sharing, etc. Or is it a full-fledged Windows user? I want to know about the process of enrolling the CAC with the PKI/widows domain/active directory. When you log in with the smartcard/CAC, when and how does enrollment occur? I think enrollment could be one of two things: You could use the certificates/identifier number from the CAC to enroll and be in active directory/PKI. What is the enrollment PKI? I want to understand the associations between the CAC, Windows, and what information is stored. I don't think it's the cerificate but just the number. Once you've logged into the machine does in use certificates from the CAC and how does the information get there. How do you associate the CAC with the windows user from active directory? How do you connect using your key? Once you're on a machine and you need to log in to a Linux machine that's a member and you want to prove who you are from a machine that has become part of active directory how do you know? Does Linux associate the CAC the same way that Windows does? For SSH? kinit involvement? Does the SSS module or pam module handle session tickets or does it only give you your only initial ticket granting ticket?
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
