#4029 Documentation on the LDAP Public Key Class and SSH Public Key Attribute
Closed: wontfix 4 years ago by pbrezina. Opened 4 years ago by jbister.

As a requirement for approving our implementation of SSSD with Smart Cards to Active Directory, we need to provide a whitepaper to our Windows Identity Team about the public key class and attribute.

Is there any kind of documentation on the technical specification of the class and attribute? Even if it doesn't exist, could we get something drawn up?

Thanks


Hi,

can you give some more details on what is needed here? 'public key class and attribute' sounds a bit like LDAP objectclasses and LDAP attributes, is this what they are asking for?

Do I understand correctly that you would like to access a Linux client running SSSD from a Windows client with SSH, e.g. putty, not using a password, GSSAPI or ssh-keys, but a Smartcard must be inserted and you are prompted for a PIN?

Are you planning to use Smartcard authentication to the Linux desktop directly as well?

bye,
Sumit

Hi Sumit,

Yes, all of that is correct. We are able to successfully achieve the above task, but the Windows team wants documentation as to why they need to extend their schema. I'll review the LDAP documentation and see if that meets the requirements.

Thank you,
Josh

On Fri, Jun 21, 2019 at 1:12 AM Sumit Bose pagure@pagure.io wrote:
--
Joshua Bister, Consultant, NAPS, Red Hat (jbister@redhat.com)

Hi,

what kind of schema extensions are you thinking of?

In general it is not needed to extend the schema. There is currently no dedicated attribute in the AD LDAP schema to store the ssh public key, but I've heard that people e.g. used altSecurityIdentities successfully to store the key.

You even do not have to store the ssh public key directly because SSSD can extract the public key from the certificate and present it to sshd in the expected format. Here you have to store the certificate in the userCertificate attribute, as the AD CS would do it if you create a certificate for a user.

HTH

bye,
Sumit
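Sumit's last point, that SSSD can take the certificate stored in userCertificate and present the public key to sshd in the expected format, is the part the Windows team usually wants spelled out. The script below is an added illustration of that conversion written for this thread; it is not SSSD's code (sss_ssh_authorizedkeys does this in C) and it uses only the Python standard library. Assumptions: the certificate carries an RSA key, as AD CS user certificates normally do; `fake_certificate_der` and the sample modulus `SAMPLE_N` are constructed test input, not a real certificate.

```python
import base64
import struct

# Added example, not SSSD code. Assumptions: the certificate carries an RSA key
# (the usual case for AD CS user certificates) and the DER is well-formed.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def _der_len(n):                       # DER length octets, short or long form
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der_tlv(tag, body): return bytes([tag]) + _der_len(len(body)) + body

def _der_int(v):                       # DER INTEGER, kept positive
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    return _der_tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def _der_read(buf, pos):               # one TLV at pos -> (tag, value, next pos)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln

def _der_children(buf):                # (tag, value) of every TLV inside a constructed value
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = _der_read(buf, pos)
        out.append((tag, val))
    return out

def rsa_spki_der(n, e):
    """SubjectPublicKeyInfo for an RSA key (RFC 5280, parameters per RFC 3279)."""
    alg = _der_tlv(0x30, RSA_OID + b"\x05\x00")                   # AlgorithmIdentifier, NULL params
    pkcs1 = _der_tlv(0x30, _der_int(n) + _der_int(e))              # RSAPublicKey ::= SEQUENCE { n, e }
    return _der_tlv(0x30, alg + _der_tlv(0x03, b"\x00" + pkcs1))   # BIT STRING, 0 unused bits

def fake_certificate_der(spki):
    """Constructed test input: structurally valid X.509 v3 Certificate around `spki`,
    unsigned and with empty name/validity fields, so it only exercises the parser."""
    empty = _der_tlv(0x30, b"")
    tbs = _der_tlv(0x30, _der_tlv(0xA0, _der_int(2)) + _der_int(0x1234)   # [0] version v3, serialNumber
                   + empty + empty + empty + empty + spki)                # signature, issuer, validity, subject, SPKI
    return _der_tlv(0x30, tbs + empty + _der_tlv(0x03, b"\x00"))          # signatureAlgorithm, signatureValue

def spki_from_certificate(cert_der):
    """Walk Certificate -> tbsCertificate and return the subjectPublicKeyInfo DER."""
    _, cert_body, _ = _der_read(cert_der, 0)
    _, tbs = _der_children(cert_body)[0]
    fields = _der_children(tbs)
    if fields[0][0] == 0xA0:            # version is OPTIONAL; drop it so the indexes line up
        fields = fields[1:]
    tag, body = fields[5]               # serial, signature, issuer, validity, subject, SPKI
    return _der_tlv(tag, body)

def rsa_from_spki(spki_der):
    """Return (n, e) from an RSA SubjectPublicKeyInfo; reject other key types."""
    _, body, _ = _der_read(spki_der, 0)
    (alg_tag, alg), (bits_tag, bits) = _der_children(body)
    if alg_tag != 0x30 or bits_tag != 0x03 or _der_children(alg)[0][1] != RSA_OID[2:]:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    _, pkcs1, _ = _der_read(bits, 1)                 # skip the unused-bits octet
    (_, n_bytes), (_, e_bytes) = _der_children(pkcs1)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def _ssh_string(b): return struct.pack(">I", len(b)) + b          # RFC 4251 string

def _ssh_mpint(v):                      # RFC 4251 mpint: minimal big-endian, sign-padded
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return _ssh_string((b"\x00" if b and b[0] & 0x80 else b"") + b)

def certificate_to_authorized_key(cert_der, comment=""):
    """The authorized_keys line sshd expects: 'ssh-rsa <base64 blob> [comment]'."""
    n, e = rsa_from_spki(spki_from_certificate(cert_der))
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)   # RFC 4253 "ssh-rsa" key format
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")

def authorized_key_to_rsa(line):
    """Parse an ssh-rsa line back to (n, e), e.g. to check what sshd will see."""
    blob, fields, pos = base64.b64decode(line.split()[1]), [], 0
    while pos < len(blob):
        (ln,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + ln])
        pos += 4 + ln
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    return int.from_bytes(fields[2], "big"), int.from_bytes(fields[1], "big")

# Constructed sample: a 2048-bit "modulus" made from arbitrary bytes (not a product
# of primes, which the encoders do not care about) and the usual e = 65537.
SAMPLE_E = 65537
SAMPLE_N = int.from_bytes(b"\xc1" + bytes(range(1, 256)), "big")
SAMPLE_CERT = fake_certificate_der(rsa_spki_der(SAMPLE_N, SAMPLE_E))

if __name__ == "__main__":
    print(certificate_to_authorized_key(SAMPLE_CERT, "jdoe@ad.example"))
```

In a real deployment the input bytes are the DER value SSSD reads from the user's userCertificate;binary attribute, and sshd obtains the resulting line by running sss_ssh_authorizedkeys through its AuthorizedKeysCommand option; nothing about the key itself is stored in a new attribute, which is why no schema extension is required for this path. The conversion is purely structural: the modulus and exponent are re-encoded from DER INTEGERs to SSH mpints, so every ssh-rsa key with e = 65537 starts with the familiar "AAAAB3NzaC1yc2EAAAADAQAB" prefix. The parser deliberately refuses non-RSA SubjectPublicKeyInfo rather than guessing, since an EC certificate needs a different key-type string and blob layout.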

Metadata Update from @pbrezina:
- Issue tagged with: Candidate to close

4 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persists on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4999

If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
