Simple DOD CAC PIV enablement for IdM

Latest response

There is various documentation and steps in the Red Hat Identity Guide and other places on setting up PIV auth but little that has a step-wise approach to using DOD CAC pre-existing and IdM (FreeIPA).

(1) Associate certs from CAC with IdM user - DONE
(2) Update authconfig and sssd.conf on client - DONE
(3) Inserting CAC and entering PIN - FAILS
(4) Using certutil from cmdline with PIN - WORKS

There is mention in various places about adding the root CA (DOD CA-44 in this case) on the clients, but little about if it's required and a simple clear 1-2-3 approach to CAC + IdM for NAPS customers.

Would be really nice to have this or a reply, customer ticket open already.

Thanks much!



Did you ever get the CAC and PIN issue resolved? We are having the same issues.

Thank you

There is a supposed Document somewhere for this. And the latest version of Satellite supposedly is DOD CAC aware, but I not found it either.