[Freeipa-users] FreeIPA with smart card using LightDM
Sumit Bose
sbose at redhat.com
Fri Apr 29 08:28:33 UTC 2016
On Thu, Apr 28, 2016 at 04:09:16PM -0500, Michael Rainey (Contractor) wrote:
> I am wondering if anyone out there is currently using freeIPA with smart
> cards along with LightDM. I have systems running SL7.2 with GDM and I have
> users that prefer to use XFCE or KDE over the default GNOME-Shell. The
> problem with GDM is I am not able to get screen lock feature to work across
> multiple desktop environments. If anyone uses XFCE, xscreensaver will need
> to be installed so they can lock their screen. This choice also makes using
> the smart card useless when logging back into the system. Also, I haven't
> been able call the lock screen from the command-line. What examples I have
> found do not work due to a missing ScreenSaver object.
>
> If anyone has any good solutions to this problem I would enjoy hearing them.
Since Smartcard authentication does not make sense for all PAM services
SSSD uses a list of services where it would offer Smartcard
authentication. Currently this list is static and based on a default RHEL
or Fedora setup. We already have
https://fedorahosted.org/sssd/ticket/2926 to make this list configurable
and Lukas already wrote an initial patch for it
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/FQWOBQV6FFCBKZS2EXKIJU74473E7R7Y/
If you are interested I can provide you with a test build where XFCE,
KDM and xscreensaver are included, just let me know for which platform
you will need it.
bye,
Sumit
>
> Thanks in advance.
> --
> *Michael Rainey*
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list