URL: https://github.com/freeipa/freeipa/pull/854 Title: #854: RFC: server-side smart card auth advise plugin
flo-renaud commented: """ Hi @martbab thank you for the patch. Works great! We could also enhance the script: - check that it is run by the root user - to enable NSSOCP, the regex does not match "##NSSOCSP off" but should. - the script must be run on each IPA server, maybe we should make it clearer. - the script could also configure /etc/sssd.conf with [pam] pam_cert_auth = True
This could be done in a later commit, I can open a RFE if needed """
See the full comment at https://github.com/freeipa/freeipa/pull/854#issuecomment-306801866