Issue #3677: [RFE] SSSD smart smard card, configure to soft fail when CRL not available. - sssd

SSSD / sssd

#3677 [RFE] SSSD smart smard card, configure to soft fail when CRL not available.

Closed: Fixed 4 years ago by pbrezina. Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1492879

Description of problem:
SSSD requires strict checking of a CRL with smart cards.

How reproducible:
Always

Additional info:

SSSD should be able to authenticate a Smart Card (DoD CAC) user and allow them
to login if they present a correct pin and the LDAP or IDM server is able the
authenticate the card. If the CRL list is not available, the user should still
be able to login, but the CRL check should soft fail (log the failure, but
allow the user to login).

Many customers that use Smart Cards are in isolated networks or networks
without access to the original issuers CRL. Should the CRL become unavailable
due to varying circumstances, users would be unable to login.

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1492879

6 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

6 years ago

Metadata Update from @jhrozek:
- Issue priority set to: minor

6 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

4 years ago

Metadata Update from @sbose:
- Issue assigned to sbose

4 years ago

sbose commented 4 years ago

PR: https://github.com/SSSD/sssd/pull/945

Metadata Update from @sbose:
- Custom field patch adjusted to on

4 years ago

pbrezina commented 4 years ago

Commit 389e2ee relates to this ticket

pbrezina commented 4 years ago

master
- 389e2ee - p11_child: add 'soft_ocsp' and 'soft_crl options

Metadata Update from @pbrezina:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4696

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

minor

Milestone

SSSD 2.3

type

None

component

None

version

None

selected

None

testsupdated

None

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1492879

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3677 [RFE] SSSD smart smard card, configure to soft fail when CRL not available. Closed: Fixed 4 years ago by pbrezina. Opened 6 years ago by jhrozek.

Metadata

#3677 [RFE] SSSD smart smard card, configure to soft fail when CRL not available.

Closed: Fixed 4 years ago by pbrezina. Opened 6 years ago by jhrozek.