internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
master
ansible-freeipa/roles/ipasmartcard_client/README.md
Rafael Guterres Jeffman 012f0deb00 Remove 'vars' files of unsupported distributions 
This patch removes 'vars' files from roles for unsupported distributions
and change minimum supported Fedora to version 40+.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2025-01-31 12:45:45 -03:00

113 lines
2.5 KiB
Markdown
Raw Permalink Blame History

ipasmartcard_client role
========================
Description
-----------
This role allows to configure IPA clients for Smart Card authentication.
**Note**: The ansible-freeipa smartcard client role requires an enrolled IPA client.
Features
--------
* Client setup for Smart Card authentication
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.5 and up are supported by this role.
Supported Distributions
-----------------------
* RHEL/CentOS 7.6+
* CentOS Stream 8+
* Fedora 40+
Requirements
------------
**Controller**
* Ansible version: 2.14+
**Node**
* Supported FreeIPA version (see above)
* Supported distribution (needed for package installation only, see above)
* Enrolled IPA client
Limitations
-----------
Only the enablement of smartcards is supported by the role, there is no disablement.
Usage
=====
Example inventory file with IPA clients:
```ini
[ipaclients]
ipaclient1.example.com
ipaclient2.example.com
[ipaclients:vars]
ipaadmin_password=SomeADMINpassword
ipasmartcard_client_ca_certs=/etc/ipa/ca.crt
```
Example playbook to setup smartcard for the IPA clients using admin password and ipasmartcard_client_ca_certs from inventory file:
```yaml
---
- name: Playbook to setup smartcard for IPA clients
hosts: ipaclients
become: true
roles:
- role: ipasmartcard_client
state: present
```
Playbooks
=========
The playbooks needed to setup smartcard for the IPA clients is part of the repository in the playbooks folder.
```
install-smartcard-clients.yml
```
Please remember to link or copy the playbooks to the base directory of ansible-freeipa if you want to use the roles within the source archive.
How to setup smartcard for clients
----------------------------------
```bash
ansible-playbook -v -i inventory/hosts install-smartcard-clients.yml
```
This will setup the clients for smartcard use.
Variables
=========
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The kerberos principal used for admin. Will be set to `admin` if not set. (string) | no
`ipaadmin_password` | The password for the IPA admin user. As an alternative an admin user keytab can be used instead with `ipaadmin_keytab`. (string) | yes
`ipaadmin_keytab` | The admin keytab as an alternative to `ipaadmin_password`. (string) | no
`ipasmartcard_client_ca_certs` | The CA certificates for smartcard use. If `ipasmartcard_client_ca_certs` is not set, but `ipasmartcard_server_ca_certs`, then `ipasmartcard_server_ca_certs` will be used. | yes
Authors
=======
Thomas Woerner
Reference in New Issue View Git Blame Copy Permalink