On Mon, Jul 26, 2021 at 5:05 AM Assaf Morami <assaf.mor...@gmail.com> wrote:
> Is it possible to turn off certificate matching against AD, and just > use the username while taking the certificate directly from the > smart card? For sssd 2.1.0 and later, you should be able to use sss-certmap(5) to accomplish this, yes. But for sssd before 2.1.0, the *only* mechanism sssd has to map smartcard certificates to user AD objects is userCertificate searching. > On my setup it's not feasible to attach certificates to user on AD, > that's why I'm looking for a workaround. If you cannot put certificates into the userCertificate field in AD, the only work-around is to upgrade to sssd 2.1.0 or later. (We briefly considered doing that on RHEL7, but quickly abandoned it due to the effort involved.) _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure