[Freeipa-users] FreeIPA with smart card using LightDM

Michael Rainey (Contractor) michael.rainey.ctr at nrlssc.navy.mil
Mon May 2 17:30:19 UTC 2016 

Sumit,

Thank you for taking the time to reply to may questions.  I'm interested 
in trying out the suggested test build.  I do have a question about 
using the build.  Will the build contain the feature of locking the 
screen when the smart card is removed?  Let me know when the test build 
is ready.

Thanks,

*Michael Rainey*

On 04/29/2016 03:28 AM, Sumit Bose wrote:
> On Thu, Apr 28, 2016 at 04:09:16PM -0500, Michael Rainey (Contractor) wrote:
>> I am wondering if anyone out there is currently using freeIPA with smart
>> cards along with LightDM.  I have systems running SL7.2 with GDM and I have
>> users that prefer to use XFCE or KDE over the default GNOME-Shell.  The
>> problem with GDM is I am not able to get screen lock feature to work across
>> multiple desktop environments.  If anyone uses XFCE, xscreensaver will need
>> to be installed so they can lock their screen.  This choice also makes using
>> the smart card useless when logging back into the system.  Also, I haven't
>> been able call the lock screen from the command-line.  What examples I have
>> found do not work due to a missing ScreenSaver object.
>>
>> If anyone has any good solutions to this problem I would enjoy hearing them.
> Since Smartcard authentication does not make sense for all PAM services
> SSSD uses a list of services where it would offer Smartcard
> authentication. Currently this list is static and based on a default RHEL
> or Fedora setup. We already have
> https://fedorahosted.org/sssd/ticket/2926 to make this list configurable
> and Lukas already wrote an initial patch for it
> https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/FQWOBQV6FFCBKZS2EXKIJU74473E7R7Y/
>
> If you are interested I can provide you with a test build where XFCE,
> KDM and xscreensaver are included, just let me know for which platform
> you will need it.
>
> bye,
> Sumit
>
>> Thanks in advance.
>> -- 
>> *Michael Rainey*
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160502/b0ee4dd3/attachment.htm>

More information about the Freeipa-users mailing list