#3677 [RFE] SSSD smart smard card, configure to soft fail when CRL not available.

Created 6 months ago by jhrozek
Modified a month ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1492879

Description of problem:
SSSD requires strict checking of a CRL with smart cards.

How reproducible:
Always

Additional info:

SSSD should be able to authenticate a Smart Card (DoD CAC) user and allow them
to login if they present a correct pin and the LDAP or IDM server is able the
authenticate the card. If the CRL list is not available, the user should still
be able to login, but the CRL check should soft fail (log the failure, but
allow the user to login).

Many customers that use Smart Cards are in isolated networks or networks
without access to the original issuers CRL. Should the CRL become unavailable
due to varying circumstances, users would be unable to login.
6 months ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1492879

6 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

6 months ago

Metadata Update from @jhrozek:
- Issue priority set to: minor

a month ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

Login to comment on this ticket.

https://bugzilla.redhat.com/show_bug.cgi?id=1492879

cancel