pam_pkcs11 is no longer maintained upstream: https://github.com/OpenSC/pam_pkcs11/blob/master/README.md
And it doesn't even build with the latest OpenSSL. In the meantime, SSSD gained many capabilities to support smart card authentication.
This ticket is more of a task tracker to remind us that we need to test and document the use case of a local user with a smart card. Chances are no code changes are required in SSSD, but there might be changes required to the PAM stack.
Documenting this would enable other distributions to either reuse our documentation or right away tune their default PAM stack.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.0
Metadata Update from @jhrozek: - Issue priority set to: blocker
As pam_pkcs11 is going away and is being replaced by pam_sssd for local smart card authentication, what are your plans for closer specification of PKCS#11 slot/object that will be used to authenticate users?
pam_pkcs11 had the options slot_description and slot_num, which were able to restrict the selection in a cumbersome way (given that slot numbers are not guaranteed to be stable, if I am right).
So far, I see you only specify pam_cert_db_path and the rest of it is handled by NSS. Do you plan to implement a way of clarifying the token/certificate objects, such as PKCS#11 URIs (RFC 7512)?
Metadata Update from @sbose: - Issue assigned to sbose
Commit d724ea3 relates to this ticket
First two patches are laying the groundwork:
* d724ea3
* 72099c3
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1615417
Issue linked to Bugzilla: Bug 1615417
It would be great to have this! Especially if in sss_user_mod there is a way to add the userCertificate etc. Making the unrollment process painless is super important. I look forward to seeing this!
https://github.com/SSSD/sssd/pull/656
Metadata Update from @sbose: - Custom field patch adjusted to on
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1615417, https://bugzilla.redhat.com/show_bug.cgi?id=1521083 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1615417)
Issue linked to Bugzilla: Bug 1521083
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4526
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.