title Cockpit Certificate Authentication Browser -> cockpit-ws: TLS handshake\nwith client cert cockpit-ws -> cockpit-session: auth mode "tls-cert" cockpit-session -> libpam-cockpit-cert: start PAM session note left of libpam-cockpit-cert: no user known yet libpam-cockpit-cert -> cockpit-ws: query certificate libpam-cockpit-cert -> sssd: map certificate sssd -> libpam-cockpit-cert: user name\n(or failure) libpam-cockpit-cert -> cockpit-session: set PAM user name,\nstart session note left of cockpit-session: start cockpit-bridge cockpit-session -> cockpit-ws: success