[Freeipa-devel] [freeipa PR#854][comment] RFC: server-side smart card auth advise plugin
URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: RFC: server-side smart card auth advise plugin martbab commented: """ @flo thanks for your input, I will rework the PR tomorrow. """ See the full comment at https://github.com/freeipa/freeipa/pull/854#issuecomment-306811993 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#854][comment] RFC: server-side smart card auth advise plugin
URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: RFC: server-side smart card auth advise plugin flo-renaud commented: """ Hi @martbab thank you for the patch. Works great! We could also enhance the script: - check that it is run by the root user - to enable NSSOCP, the regex does not match "##NSSOCSP off" but should. - the script must be run on each IPA server, maybe we should make it clearer. - the script could also configure /etc/sssd.conf with [pam] pam_cert_auth = True This could be done in a later commit, I can open a RFE if needed """ See the full comment at https://github.com/freeipa/freeipa/pull/854#issuecomment-306801866 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#854][comment] RFC: server-side smart card auth advise plugin
URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: RFC: server-side smart card auth advise plugin abbra commented: """ Yes, I'm not asking you to implement these improvements as part of this PR. That's fine to be done in a separate effort. """ See the full comment at https://github.com/freeipa/freeipa/pull/854#issuecomment-306721034 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org