Upgrade to RHEL 8.2 causes smart card login to skip/fail due to failure in OCSP response verification
Issue
- After upgrading to RHEL 8.2, IPA users are no longer able to login using a smart card for both GDM and console login.
- On RHEL 8.2 users are no longer prompted for PIN to unlock the certificate on the smart card for PKI enabled logins and are able to authenticate to IPA with their password, this violates security requirements for customers enforcing PKI enabled login only.
Environment
- RHEL 8.2
- sssd
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.