Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1267656
Description of problem: Smartcard login when certificate on the card is revoked and ocsp check enabled is not supported Version-Release number of selected component (if applicable): ipa-client-4.2.0-12.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Setup ipa environment for smartcard login 2. Create an ipa user to be used for smartcard login 3. Enroll a smartcard with certificate issued by non-ipa CA (the certificate on the smartcard should have the ocsp url) 4. assign the cert on the smartcard to the ipa user 5. Revoke the certificate on smartcard on the non-IPA CA 6. Login using smartcard Actual results: Smartcard login should fail, ocsp check should be enabled by default Expected results: smartcard login is successful Additional info:
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 milestone: NEEDS_TRIAGE => SSSD 1.13.3 review: True => 0 selected: => testsupdated: => 0
owner: somebody => sbose status: new => assigned
patch: 0 => 1
- master: 544a20de7667f05c1a406c4dea0706b0ab507430 - sssd-1-13: 14a983160300421b048b9665114b909c42684cec
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.13.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3853
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.