#7036 Advice plugins for smart card configuration produce scripts that configure the feature incompletely
Closed: fixed 3 years ago Opened 3 years ago by mbabinsk.

The config-{client,server}-for-smart-card-auth recipes do not perform all the necessary steps required for successful configuration of Smart Card authentication on server and client, namely:

  • support for specifying multiple smart card signing CA certificates
  • uploading signing CA certificates to IPA certstore and relevant CA bundles (so that Kerberos client library will use them as PKINIT anchors)
  • uploading signing CA certificates to systemwide trust store

The plugins should be fixed to generate scripts that implement this additional functionality on both server and client.


Metadata Update from @mbabinsk:
- Issue assigned to mbabinsk

3 years ago

Metadata Update from @mbabinsk:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455946

3 years ago

Metadata Update from @mbabinsk:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455946

3 years ago

Metadata Update from @mbasti:
- Issue set to the milestone: FreeIPA 4.5.3

3 years ago

master:

  • 69ba5f9 smart-card advises: configure systemwide NSS DB also on master
  • 584abe5 smart-card advises: add steps to store smart card signing CA cert
  • e0c2e0f Allow to pass in multiple CA cert paths to the smart card advises
  • 36e0d2d add a class that tracks the indentation in the generated advises
  • 0181334 delegate the indentation handling in advises to dedicated class
  • dea4b4c advise: add an infrastructure for formatting Bash compound statements
  • 9808395 delegate formatting of compound Bash statements to dedicated classes
  • 85a79b5 Fix indentation of statements in Smart card advises
  • a9fec09 Use the compound statement formatting API for configuring PKINIT
  • 4d57aef smart card advises: use a wrapper around Bash for loops
  • e0cf709 smart card advise: use password when changing trust flags on HTTP cert
  • 53c5c0a smart-card-advises: ensure that krb5-pkinit is installed on client

ipa-4-5:

  • 23917c7 smart-card advises: configure systemwide NSS DB also on master
  • ef2ab94 smart-card advises: add steps to store smart card signing CA cert
  • 3ebab27 Allow to pass in multiple CA cert paths to the smart card advises
  • e5f31e3 add a class that tracks the indentation in the generated advises
  • 9561e3f delegate the indentation handling in advises to dedicated class
  • 666c2da advise: add an infrastructure for formatting Bash compound statements
  • 2be45a1 delegate formatting of compound Bash statements to dedicated classes
  • 61f6cb7 Fix indentation of statements in Smart card advises
  • 08f56c3 Use the compound statement formatting API for configuring PKINIT
  • e5e4c0a smart card advises: use a wrapper around Bash for loops
  • e14194e smart card advise: use password when changing trust flags on HTTP cert
  • 1114e11 smart-card-advises: ensure that krb5-pkinit is installed on client

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata