URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: server-side and client-side advises for configuring smart card auth
abbra commented: """ @martbab, this actually makes full sense -- if you want to increase the security of your IPA masters, you might force using smart cards only to do ssh login. We are not there yet by default but I can see it being a mandate for organizations that enforce industry or governmental requirements. """
See the full comment at https://github.com/freeipa/freeipa/pull/854#issuecomment-307426705