Issue #4238: [RFE] Provide ability to map CAC identity certificates to users in IdM - freeipa

freeipa

#4238 [RFE] Provide ability to map CAC identity certificates to users in IdM

Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1072383

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Provide the ability to map identity certificates from smart-cards to user entries in FreeIPA to improve the centralized authentication
functionality of the product.

The idea is to utilize IdM as the centralized authentication repository for users through card + pin instead of username + password.

How would it work:

Configure a desktop to authenticate using smart cards with pam_pkcs11 or sssd Smart Card support (upstream ticket)
Point authentication to FreeIPA
Use cert+pin to identify the user and have the user get all the appropriate resources assigned to them via IdM such as sudoers, automount, etc...

mkosek commented 9 years ago

Moving to FreeIPA 4.1 where we will re-evaluate this RFE.

adelton commented 9 years ago

Client-side counterpart ticket: https://fedorahosted.org/sssd/ticket/2596

dpal commented 9 years ago

Related ticket #4955.

jcholast commented 8 years ago

master:

7f7c247 Support multiple host and service certificates

jcholast commented 8 years ago

master:

b6924c0 Fix: regression in host and service plugin
62e9867 Fix certificate management with service-mod

jcholast commented 8 years ago

master:

93dab56 baseldap: add support for API commands managing only a single attribute
53b11b6 reworked certificate normalization and revocation
76eea85 new commands to manage user/host/service certificates

pvoborni commented 8 years ago

Web UI was mostly implemented in tickets #5046 and #5045. Web UI support for {user|service|host}_{add|remove}_cert commands, implemented in 76eea85, is still missing (#5108)

mkosek commented 8 years ago

Nathan Kinder just started very promising blog series about Smart Cards and this feature:
https://blog-nkinder.rhcloud.com/?p=179

Metadata Update from @mkosek:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.2

7 years ago

Metadata

Assignee

mbabinsk

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 4.2

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

Certificate management

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1072383

tester

None

changelog

None

design

http://www.freeipa.org/page/V4/User_Certificates

freeipa

Source Code

#4238 [RFE] Provide ability to map CAC identity certificates to users in IdM Closed: Fixed None Opened 10 years ago by mkosek.

Metadata

#4238 [RFE] Provide ability to map CAC identity certificates to users in IdM

Closed: Fixed None Opened 10 years ago by mkosek.