SSSD would integrate with GNOME Keyring, https://fedorahosted.org/sssd/ticket/2221 but it would rely on the keys stored in IPA. IPA should probably use Vault capability to store these secrets. See #3872
The other option is to modify gnome-keyring and do not touch SSSD/IPA at all. Gnome-keyring could use PKCS#11 for manipulating the key used for keyring encryption. As a result, the key could be stored on a real smart card or in IPA.
PKCS#11
Given the fact that IPA is going to implement PKCS#11 interface anyway it seems that support for PKCS#11 standard in gnome-keyring is a way how to get more functionality with the same effort.
The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit. Pushing out.
If anyone is willing to help and contribute to this one, please let us know!
Metadata Update from @dpal: - Issue assigned to mzidek - Issue set to the milestone: FreeIPA 4.5 backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.