IdM now supports smart card authentication for AD users
This update extends smart card support in Identity Management (IdM). Users from a trusted Active Directory (AD) can now authenticate using a smart card both remotely using "ssh" as well as locally. The following methods are supported for local authentication:
* Text console
* Graphical console, such as the Gnome Display Manager (GDM)
* Local authentication services, like "su" or "sudo"
Note that IdM only supports the above-mentioned local authentication services and "ssh" for smart card authentication. Other services, such as FTP, are not supported.
The smart card certificate for AD users can be stored directly in AD, or in an IdM override object for the AD user.
For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#smart-cards