5:49 p.m.
I have a use case with a local domain (files) that requires a one-to-many relationship
between a Linux user account and alternate smartcard token user names, i.e., I have
multiple users with individual smartcards that need to be able to authenticate to a single
Linux user account.
Based on the sssd documentation and my observation, the sssd.conf file only matches the
last matchrule supplied. This appears to force a one-to-one relationship between a Linux
user account and a smartcard token user name.
Is there a way to create a matchrule (or rules) that will allow the use of multiple
smartcards with a single Linux user account? Thanks.
4:41 p.m.
On 1/8/20 4:49 PM, Roy Presley wrote:
I have a use case with a local domain (files) that requires a
one-to-many relationship between a Linux user account and alternate smartcard token user
names, i.e., I have multiple users with individual smartcards that need to be able to
authenticate to a single Linux user account.
Based on the sssd documentation and my observation, the sssd.conf file only matches the
last matchrule supplied. This appears to force a one-to-one relationship between a Linux
user account and a smartcard token user name.
Is there a way to create a matchrule (or rules) that will allow the use of multiple
smartcards with a single Linux user account? Thanks.
I wouldn't have thought that this was done at the matchrule level, but rather
that the linux user account would have all of the relevant smartcard
certificates associated with it.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 https://www.nwra.com/
6:10 a.m.
On Wed, Jan 08, 2020 at 11:49:53PM -0000, Roy Presley wrote:
I have a use case with a local domain (files) that requires a
one-to-many relationship between a Linux user account and alternate smartcard token user
names, i.e., I have multiple users with individual smartcards that need to be able to
authenticate to a single Linux user account.
Based on the sssd documentation and my observation, the sssd.conf file only matches the
last matchrule supplied. This appears to force a one-to-one relationship between a Linux
user account and a smartcard token user name.
Is there a way to create a matchrule (or rules) that will allow the use of multiple
smartcards with a single Linux user account? Thanks.
Hi,
you can use the or operator '||' in a matchrule, e.g.
matchrule = ||<SUBJECT>^CN=user1,DC=domain$<SUBJECT>^CN=user2,DC=domain$
Does this help?
bye,
Sumit
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
1569
days inactive
1571
days old
sssd-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Orion Poplawski -
Roy Presley -
Sumit Bose