Makes sense, I'll do that from now on.
I think I just have a PAM issue or SSSD misconfiguration, as I decided to
replace
'auth [success=1 default=ignore] pam_sss.so use_first_pass'
with
'auth[success=1 default=ignore] pam_sss.so require_cert_auth'
To force SmartCard Auth on a tt
> From: Fraser Tweedale via FreeIPA-users On Mon, Jan 30, 2023 at 11:27:47AM +, Schrock, Chad - 0336 - MITLL via
> FreeIPA-users wrote:
> > I remember a discussion on here about converting an IdM root CA in to
> > an intermediate CA, but for the life of me I can't find the discussion
> > or
On Mon, Jan 30, 2023 at 11:27:47AM +, Schrock, Chad - 0336 - MITLL via
FreeIPA-users wrote:
>
>
> Hi everyone,
>
>
>
> We have a small-ish RHEL 7 IdM (4.6.8) domain that is currently running with
> a self-signed root CA. All is well and good, except we've been told that we
> have to pla
Hi everyone,
We have a small-ish RHEL 7 IdM (4.6.8) domain that is currently running with
a self-signed root CA. All is well and good, except we've been told that we
have to play nice with the rest of the organization now, which includes
changing the self-signed root CA in to an intermediate
