Ipa-server and DoD CAC authentication

Anyone gotten an ipa server setup to use DoD common access cards for authentication? I have a new domain setup, four replica servers, all are providing domain and CA services. I haven’t found the the right set of steps to get a CAC login on any of the clients yet.

From what I’m understanding, a CAC card is a smart card. I believe the same setup that’s required for smart cards in FreeIPA should technically apply to a CAC card. I would review this to get yourself started. All it really should come down to is the card has certificates issued by FreeIPA associated with the user.

Using these steps and this page I was able to setup my yubikey for smart card auth in my own environment.

1 Like