Back to bug 1378943
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| autobot-bugzilla | 2016-11-09 11:10:49 UTC | Status | NEW | ASSIGNED |
| Assignee | tmraz | pbrezina | ||
| Martin Kosek | 2016-12-01 08:32:55 UTC | CC | mkosek | |
| Summary | Allow authconfig to configure Smartcard authentication with SSSD | [RFE] Allow authconfig to configure Smartcard authentication with SSSD | ||
| Martin Kosek | 2016-12-01 08:34:08 UTC | Priority | unspecified | high |
| Severity | unspecified | medium | ||
| RHEL Program Management | 2016-12-01 08:40:17 UTC | Keywords | FutureFeature | |
| Roshni | 2016-12-01 14:28:23 UTC | Flags | needinfo?(pkis) | |
| Patrik Kis | 2016-12-01 14:39:26 UTC | Flags | needinfo?(pkis) | |
| Roshni | 2016-12-05 15:05:54 UTC | Flags | needinfo?(pkis) | |
| Martin Kosek | 2016-12-09 10:05:11 UTC | Blocks | 1399979 | |
| Patrik Kis | 2016-12-09 16:28:53 UTC | Flags | needinfo?(pkis) | |
| Roshni | 2016-12-09 16:49:27 UTC | CC | sbose | |
| Patrik Kis | 2017-03-28 09:16:26 UTC | CC | pbrezina | |
| Flags | needinfo?(pbrezina) | |||
| Pavel Březina | 2017-03-28 12:43:51 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | authconfig-6.2.8-19.el7 | |||
| Flags | needinfo?(pbrezina) | |||
| errata-xmlrpc | 2017-03-28 12:46:45 UTC | Status | MODIFIED | ON_QA |
| Dalibor Pospíšil | 2017-04-26 13:43:08 UTC | QA Contact | qe-baseos-security | dapospis |
| Dalibor Pospíšil | 2017-04-28 16:11:29 UTC | CC | rpattath | |
| Flags | needinfo?(rpattath) | |||
| Roshni | 2017-04-28 16:28:18 UTC | Flags | needinfo?(rpattath) | needinfo?(sbose) |
| Sumit Bose | 2017-04-28 17:06:36 UTC | Flags | needinfo?(sbose) | |
| Scott Poore | 2017-05-02 16:22:03 UTC | CC | spoore | |
| Roshni | 2017-05-02 18:15:08 UTC | Flags | needinfo?(sbose) | |
| Sumit Bose | 2017-05-03 09:45:45 UTC | Flags | needinfo?(sbose) | |
| Roshni | 2017-05-03 20:33:17 UTC | Flags | needinfo?(sbose) | |
| Pavel Březina | 2017-05-04 11:41:53 UTC | Doc Text | Feature: Authconfig can enable smartcard authentication through SSSD. Reason: SSSD is now capable of authenticating users via smartcards and it should be configurable by authconfig ad an alternative to pam_pkcs11 on systems where pam_pkcs11 is not installed. Result: Authconfig can now configure SSSD, pam and gdm so that SSSD is used for smartcard authentication. E.g. "authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall". If pam_pkcs11 is installed the --smartcardmodule=sssd is ignored and the first pkcs11_module defined in /etc/pam_pkcs11/pam_pkcs11.conf is used as a default. | |
| Doc Type | If docs needed, set a value | Release Note | ||
| Sumit Bose | 2017-05-04 11:44:24 UTC | Doc Text | Feature: Authconfig can enable smartcard authentication through SSSD. Reason: SSSD is now capable of authenticating users via smartcards and it should be configurable by authconfig ad an alternative to pam_pkcs11 on systems where pam_pkcs11 is not installed. Result: Authconfig can now configure SSSD, pam and gdm so that SSSD is used for smartcard authentication. E.g. "authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall". If pam_pkcs11 is installed the --smartcardmodule=sssd is ignored and the first pkcs11_module defined in /etc/pam_pkcs11/pam_pkcs11.conf is used as a default. | Feature: Authconfig can enable smartcard authentication through SSSD. Reason: SSSD is now capable of authenticating users via smartcards and it should be configurable by authconfig as an alternative to pam_pkcs11 on systems where pam_pkcs11 is not installed. Result: Authconfig can now configure SSSD, pam and gdm so that SSSD is used for smartcard authentication. E.g. "authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall". If pam_pkcs11 is installed the --smartcardmodule=sssd is ignored and the first pkcs11_module defined in /etc/pam_pkcs11/pam_pkcs11.conf is used as a default. |
| Lenka Špačková | 2017-05-04 12:48:51 UTC | Docs Contact | apetrova | |
| Sumit Bose | 2017-05-05 09:48:25 UTC | Flags | needinfo?(sbose) | |
| Roshni | 2017-05-05 13:14:49 UTC | Status | ON_QA | VERIFIED |
| Dalibor Pospíšil | 2017-05-09 07:32:52 UTC | QA Contact | dapospis | rpattath |
| Filip Hanzelka | 2017-05-09 16:35:53 UTC | CC | fhanzelk | |
| Docs Contact | apetrova | fhanzelk | ||
| Filip Hanzelka | 2017-05-11 13:18:05 UTC | Doc Text | Feature: Authconfig can enable smartcard authentication through SSSD. Reason: SSSD is now capable of authenticating users via smartcards and it should be configurable by authconfig as an alternative to pam_pkcs11 on systems where pam_pkcs11 is not installed. Result: Authconfig can now configure SSSD, pam and gdm so that SSSD is used for smartcard authentication. E.g. "authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall". If pam_pkcs11 is installed the --smartcardmodule=sssd is ignored and the first pkcs11_module defined in /etc/pam_pkcs11/pam_pkcs11.conf is used as a default. | "Authconfig" can enable *SSSD* to authenticate smartcards Previously, it was necessary to install pam_pkcs11 in order to authenticate smartcards. With this new feature, the "authconfig" command can be used to configure the *SSSD* utility to authenticate smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in `/etc/pam_pkcs11/pam_pkcs11.conf` filename is used as default. As a result, smartcard authentication can be performed on systems where pam_pkics11 is not installed. |
| Flags | needinfo?(pbrezina) | |||
| Pavel Březina | 2017-05-12 08:19:44 UTC | Doc Text | "Authconfig" can enable *SSSD* to authenticate smartcards Previously, it was necessary to install pam_pkcs11 in order to authenticate smartcards. With this new feature, the "authconfig" command can be used to configure the *SSSD* utility to authenticate smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in `/etc/pam_pkcs11/pam_pkcs11.conf` filename is used as default. As a result, smartcard authentication can be performed on systems where pam_pkics11 is not installed. | "Authconfig" can enable *SSSD* to authenticate users with smartcards Previously, it was necessary to install pam_pkcs11 in order to authenticate users with smartcards. With this new feature, the "authconfig" command can be used to configure the *SSSD* utility to authenticate users also with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in `/etc/pam_pkcs11/pam_pkcs11.conf` filename is used as default. As a result, smartcard authentication can be performed on systems where pam_pkics11 is not installed. |
| Flags | needinfo?(pbrezina) | |||
| Filip Hanzelka | 2017-05-12 13:50:09 UTC | Doc Text | "Authconfig" can enable *SSSD* to authenticate users with smartcards Previously, it was necessary to install pam_pkcs11 in order to authenticate users with smartcards. With this new feature, the "authconfig" command can be used to configure the *SSSD* utility to authenticate users also with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in `/etc/pam_pkcs11/pam_pkcs11.conf` filename is used as default. As a result, smartcard authentication can be performed on systems where pam_pkics11 is not installed. | "Authconfig" can enable *SSSD* to authenticate users with smartcards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smartcard authentication can now be performed on systems where "pam_pkics11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. |
| Aneta Šteflová Petrová | 2017-05-18 10:35:08 UTC | Doc Text | "Authconfig" can enable *SSSD* to authenticate users with smartcards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smartcard authentication can now be performed on systems where "pam_pkics11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. | "Authconfig" can enable *SSSD* to authenticate users with smartcards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smartcard authentication can now be performed on systems where "pam_pkics11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. |
| Filip Hanzelka | 2017-05-19 15:22:45 UTC | Doc Text | "Authconfig" can enable *SSSD* to authenticate users with smartcards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: "authconfig" --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smartcard authentication can now be performed on systems where "pam_pkics11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. | "Authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. |
| Filip Hanzelka | 2017-05-19 17:14:17 UTC | Doc Text | "Authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the *SSSD* utility to authenticate users with smartcards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. |
| Martin Kosek | 2017-05-22 14:01:46 UTC | Flags | needinfo?(pbrezina) | |
| Sumit Bose | 2017-05-22 14:07:20 UTC | Flags | needinfo?(pbrezina) | |
| Lenka Špačková | 2017-06-30 09:21:56 UTC | Doc Text | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. |
| Aneta Šteflová Petrová | 2017-07-04 12:24:28 UTC | Doc Text | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/smart-cards-advanced.html#sc-clients-config. | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/auth-idm-client-sc. |
| errata-xmlrpc | 2017-08-01 04:00:57 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-08-01 07:27:56 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-08-01 03:27:56 UTC | |||
| Lenka Špačková | 2017-08-01 08:39:47 UTC | Doc Text | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/auth-idm-client-sc. | "authconfig" can enable *SSSD* to authenticate users with smart cards This new feature allows the "authconfig" command to configure the System Security Services Daemon (SSSD) to authenticate users with smart cards, for example: # authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall With this update, smart card authentication can now be performed on systems where "pam_pkcs11" is not installed. However, if "pam_pkcs11" is installed, the "--smartcardmodule=sssd" option is ignored. Instead, the first pkcs11_module defined in the `/etc/pam_pkcs11/pam_pkcs11.conf` is used as default. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/auth-idm-client-sc.html. |
Back to bug 1378943