Description of problem:
Smartcard login when certificate on the card is revoked and ocsp check enabled is not supported
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup ipa environment for smartcard login
2. Create an ipa user to be used for smartcard login
3. Enroll a smartcard with certificate issued by non-ipa CA (the certificate on the smartcard should have the ocsp url)
4. assign the cert on the smartcard to the ipa user
5. Revoke the certificate on smartcard on the non-IPA CA
6. Login using smartcard
Smartcard login should fail, ocsp check should be enabled by default
smartcard login is successful
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see email@example.com with any questions
[root@dhcp129-53 ~]# rpm -qi sssd
Name : sssd
Version : 1.14.0
Release : 27.el7
Install Date: Mon 29 Aug 2016 03:11:03 PM EDT
Group : Applications/System
Size : 35147
License : GPLv3+
Signature : RSA/SHA256, Tue 23 Aug 2016 09:39:09 AM EDT, Key ID 938a80caf21541eb
Source RPM : sssd-1.14.0-27.el7.src.rpm
Build Date : Fri 19 Aug 2016 06:43:40 AM EDT
Build Host : x86-037.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://fedorahosted.org/sssd/
Summary : System Security Services Daemon
Verification steps as explained in comment 0. Login was not successful when the certificate on the smartcard was in revoked state.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.