Upgrade to RHEL 8.2 causes smart card login to skip/fail due to failure in OCSP response verification

Solution Verified - Updated -

Issue

  • After upgrading to RHEL 8.2, IPA users are no longer able to log in using a smart card for both GDM and console login.
  • On RHEL 8.2, users are no longer prompted for a PIN to unlock the certificate on the smart card for PKI-enabled logins and are able to authenticate to IPA with their password. This violates security requirements for customers enforcing PKI-enabled login only.

Environment

  • RHEL 8.2
  • sssd
