How to configure specific certificate option as default during login when smartcard has multiple certificates stored in Red Hat Enterprise Linux 8 via SSSD

Solution Verified - Updated -

Issue

  • How to configure SSSD so that desired certificate option is pre-selected during GDM login screen when smartcard has multiple certificates stored.
  • When I attempt to login with my smartcard, I am presented with a choice of the three certificates on the smartcard:
Certificate for PIV Authentication
Certificate for Digital Signature
Certificate for Key Management

When I select the 'Certificate for PIV Authentication' certificate, and enter my PIN PIN for <CN>, I can successfully login. How can I configure system to be presented with only one certificate option during login?

  • How do I make matching rule more specific to enable a specific certificate choice during smart-card login?

Environment

  • Red Hat Enterprise Linux 8
  • smartcard
  • sssd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content