[Freeipa-users] FreeIPA smart card how to
Martin Kosek
mkosek at redhat.com
Tue Feb 2 15:56:22 UTC 2016
On 02/02/2016 04:49 PM, Michael Rainey (Contractor) wrote:
> Greetings FreeIPA Community,
>
> I have been testing and working with the smart card login feature of the IPA
> server, and have had some successes with this project. However, my latest
> server/client setup isn't working as expected. I can where the problem is
> occurring, which is the Common Name on the Card is not being mapped to the
> proper attribute on the IPA server. So here's my question: Is there a howto
> which explains how an where this mapping occurs? Is this something I can
> configure myself, or is hard coded.
At the moment, the Smart Card support present in SSSD looks up the user by
searching with a blob containing the whole SC certificate. This BTW means that
the certificate needs to be present at user entry in FreeIPA to make sure it
matches, no other mapping mechanism is available yet. We have some plans though:
http://www.freeipa.org/page/V4/User_Certificates#Certificate_Identity_Mapping
If you are interested in HOWTOs, Nathan Kinder put together pretty neat blog
posts how to make Smart Card authentication working:
http://www.freeipa.org/page/V4/User_Certificates#References
HTH,
Martin
More information about the Freeipa-users
mailing list