Public bug reported: gsd-smartcard, which is the GDM/GNOME process that monitors the smartcard/PKI device status, fails to detect a new slot when hotplug connected to a host.
the result is if a system is booted with no smartcard reader (or pki device like a yubikey) connected, then gsd-smartcard never directs GDM to use the smartcard PAM stack. (also does not detect other features like lock on removal) all versions are affected. note this is only an issue when smartcard/MFA enforcement is enabled. (passwords disabled). if sssd is called becuase passwords are allowed, sssd will still do the correct behavior and detect the smartcard to allow login. reproduce * boot system without any PKI device attached * relaunch gsd-smartcard with debug output killall gsd-smartcard; /usr/libexec/gsd-smartcard -v * attach smartcard reader or PKI device and insert smartcard * observe behavior * repeat but boot with reader attached * observe different behavior upstream bug report https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/782 upstream patch https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/commit/88e90f2748f08f14d3f635939f3f85f05f66ecb3 ** Affects: gnome-settings-daemon (Ubuntu) Importance: Undecided Status: New ** Package changed: sssd (Ubuntu) => gnome-settings-daemon (Ubuntu) -- You received this bug notification because you are a member of Debcrafters packages, which is subscribed to gnome-settings-daemon in Ubuntu. https://bugs.launchpad.net/bugs/2111495 Title: gsd-smartcard fails to detect slots when no slots are attached at launch Status in gnome-settings-daemon package in Ubuntu: New Bug description: gsd-smartcard, which is the GDM/GNOME process that monitors the smartcard/PKI device status, fails to detect a new slot when hotplug connected to a host. the result is if a system is booted with no smartcard reader (or pki device like a yubikey) connected, then gsd-smartcard never directs GDM to use the smartcard PAM stack. (also does not detect other features like lock on removal) all versions are affected. note this is only an issue when smartcard/MFA enforcement is enabled. (passwords disabled). if sssd is called becuase passwords are allowed, sssd will still do the correct behavior and detect the smartcard to allow login. reproduce * boot system without any PKI device attached * relaunch gsd-smartcard with debug output killall gsd-smartcard; /usr/libexec/gsd-smartcard -v * attach smartcard reader or PKI device and insert smartcard * observe behavior * repeat but boot with reader attached * observe different behavior upstream bug report https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/782 upstream patch https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/commit/88e90f2748f08f14d3f635939f3f85f05f66ecb3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-settings-daemon/+bug/2111495/+subscriptions -- Mailing list: https://launchpad.net/~debcrafters-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~debcrafters-packages More help : https://help.launchpad.net/ListHelp
