I'm trying to setup smart card login into an AD user account using an ID Override on
RHEL 7.8. I have been looking through Red Hat's documentation and its a bit
confusing. I was wondering what is the proper way to export a certificate from my CAC
PIV card ? I have been just exporting the certificate in PEM format from the ESC tool
and importing it into IDM web GUI. But SSSD isn't able to associate the smart card
with the AD user. When I run the ipa certmap-match command, it will match to the AD
account that I configured with the ID Override. I was also wondering if I need
pam_pkcs11 and pam_krb5 installed anymore ? When I uninstall pam_pkcs11, GDM
doesn't prompt me for my smart card PIN. I was looking at the
"config-client-for-smart-card-auth" script and it removes the pam_pkcs11 RPM,
that's why I am asking.
Show replies by thread