On 1/8/20 4:49 PM, Roy Presley wrote:
I have a use case with a local domain (files) that requires a
one-to-many relationship between a Linux user account and alternate smartcard token user
names, i.e., I have multiple users with individual smartcards that need to be able to
authenticate to a single Linux user account.
Based on the sssd documentation and my observation, the sssd.conf file only matches the
last matchrule supplied. This appears to force a one-to-one relationship between a Linux
user account and a smartcard token user name.
Is there a way to create a matchrule (or rules) that will allow the use of multiple
smartcards with a single Linux user account? Thanks.
I wouldn't have thought that this was done at the matchrule level, but rather
that the linux user account would have all of the relevant smartcard
certificates associated with it.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301
https://www.nwra.com/