
Can I use X.509 certificates to identify a user with SSSD using "id_provider=files" #19421

Closed Answered by buentead
buentead asked this question in Q&A

Yes, certificate authentication with just the local Linux users is possible. There is no central Identity Management System such as MS-AD required. The /etc/sssd/sssd.conf file, however, needs to be different according to the design page "Certificate mapping and matching rules for all providers". The following example works for me as the required user 'admin' is in the CN of the subject:

[SSSD]
enable_files_domain = true

[domain/implicit_files]
id_provider=files

[certmap/implicit_files/admin]
matchrule = <SUBJECT>^.*CN=admin.*$

Important is the rule name within the certmap section, which is the Linux user, 'admin' in the example above. The matchrule is used to assign a certificate content…

Answer selected by buentead
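
An added example (not part of the answer and not SSSD code) that reads the certmap rule from the configuration above and lists which certificate subjects it maps to the local user 'admin', next to a tighter pattern for comparison. The subject DNs and the tighter pattern are constructed for illustration, and two things are assumptions: that the subject is compared as an RFC 4514 string with the CN first, and that Python's `re` behaves like SSSD's regular-expression matching for these patterns.

```python
import configparser
import re

# sssd.conf from the answer above, embedded so the example runs offline.
SSSD_CONF = """\
[SSSD]
enable_files_domain = true

[domain/implicit_files]
id_provider=files

[certmap/implicit_files/admin]
matchrule = <SUBJECT>^.*CN=admin.*$
"""

# Constructed subject DNs (assumed RFC 4514 string form), not from real certificates.
SUBJECTS = [
    "CN=admin,OU=Ops,O=Example",
    "CN=administrator,OU=Ops,O=Example",
    "CN=admin2,O=Example",
    "CN=alice,OU=CN=admin,O=Example",
    "CN=bob,O=Example",
]

def subject_rules(conf_text):
    """Return {local_user: subject_regex} for each [certmap/<domain>/<user>] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    rules = {}
    for section in cp.sections():
        parts = section.split("/")
        rule = cp[section].get("matchrule", "")
        # Only a rule made of a single <SUBJECT> component is handled here.
        if len(parts) == 3 and parts[0] == "certmap" and rule.startswith("<SUBJECT>"):
            rules[parts[2]] = rule[len("<SUBJECT>"):]
    return rules

def mapped_subjects(pattern, subjects):
    """Subjects the regex accepts (Python re standing in for SSSD's matcher)."""
    return [s for s in subjects if re.search(pattern, s)]

if __name__ == "__main__":
    loose = subject_rules(SSSD_CONF)["admin"]
    tight = r"^CN=admin(,.*)?$"  # hypothetical tighter rule, not from the answer
    for name, pattern in (("answer", loose), ("tight", tight)):
        print(name, pattern)
        for s in mapped_subjects(pattern, SUBJECTS):
            print("   maps to admin:", s)
```

The rule from the answer maps every subject that contains the text `CN=admin` anywhere, while the anchored pattern accepts only a leading `CN=admin` component.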