Passkey Configuration

Manage Passkey configuration.

IPA supports the use of passkeys for authentication. A passkey device has to be registered to SSSD and the resulting authentication mapping stored in the user entry. The passkey authentication supports the following configuration option: require user verification. When set, the method for user verification depends on the type of device (PIN, fingerprint, external pad…)

EXAMPLES

Display the Passkey configuration:

ipa passkeyconfig-show

Modify the Passkey configuration to always require user verification:

ipa passkeyconfig-mod --require-user-verification=TRUE

Commands

---

Command Description

---

passkeyconfig-mod Modify Passkey configuration.

passkeyconfig-show Show the current Passkey configuration.

---

passkeyconfig-mod

Usage: ipa [global-options] passkeyconfig-mod [options]

Modify Passkey configuration.

Options

---

Option Description

---

--require-user-verification REQUIRE-USER-VERIFICATION Require user verification during authentication

--setattr SETATTR Set an attribute to a name/value pair. Format is attr=value.

--addattr ADDATTR Add an attribute/value pair. Format is attr=value. The attribute

--delattr DELATTR Delete an attribute/value pair. The option will be evaluated

--rights Display the access rights of this entry (requires —all). See ipa man page for details.

--all Retrieve and print all attributes from the server. Affects command output.

--raw Print entries as stored on the server. Only affects output format.

---

passkeyconfig-show

Usage: ipa [global-options] passkeyconfig-show [options]

Show the current Passkey configuration.

Options

---

Option Description

---

--rights Display the access rights of this entry (requires —all). See ipa man page for details.

--all Retrieve and print all attributes from the server. Affects command output.

--raw Print entries as stored on the server. Only affects output format.