Bug 1270027
| Summary: | [RFE] Support for smart cards in sssd | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jakub Hrozek <jhrozek> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | medium | Docs Contact: | Aneta Šteflová Petrová <apetrova> |
| Priority: | high | ||
| Version: | 6.8 | CC: | apetrova, ddas, dpal, grajaiya, jfenal, jgalipea, jhrozek, kbanerje, ksiddiqu, lslebodn, mkosek, mmuehlfe, mzidek, nmavrogi, nsoman, pbrezina, preichl, rpattath, salmy, sbose, sgoveas, spoore |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.13.2-5.el6 | Doc Type: | Release Note |
| Doc Text: |
SSSD smart card support
SSSD now supports smart cards for local authentication. With this feature, the user can use a smart card to log on to the system using a text-based or graphical console, as well as local services such as the *sudo* service. The user places the smart card into the reader and provides the user name and the smart card PIN at the login prompt. If the certificate on the smart card is verified, the user is successfully authenticated.
Note that SSSD currently does not enable the user to acquire a Kerberos ticket using a smart card. To obtain a Kerberos ticket, the user is still required to authenticate using the *kinit* utility.
To enable smart card support in Red Hat Enterprise Linux 6, you must allow SSSD to prompt for password, one-time password (OTP), or the smart card PIN by modifying the `auth` lines of the `/etc/pam.d/password-auth` and `/etc/pam.d/system-auth` PAM configuration files. For detailed information, see the Identity Management Guide: http://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#idm-smart-cards
|
Story Points: | --- |
| Clone Of: | 854396 | Environment: | |
| Last Closed: | 2016-05-10 20:21:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 854396, 1297034, 1299066, 1301072 | ||
| Bug Blocks: | 1172231, 1272422 | ||
|
Comment 2
Roshni
2016-01-28 14:28:38 UTC
Verified by Roshni earlier. Was waiting on bug #1299066 to be verified before marking this one. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0782.html |