Hello,
On Tue, 12 Sep 2023, Paul Tagliamonte wrote:
> I upgraded my sid system, and post-upgrade gdm3 isn't showing my face
> when I reboot, and entering my username causes it to loop back to
> username entry again (no password prompt). After some help from smcv, I
> narrowed down the issue to the interactions between my smartcard
> development tools installed locally and gdm3.
In my case, I don't have any "smartcard development tools" (at least not
on purpose), I just have a smartcard inserted with a single GPG key used
for "authentication" (i.e. mainly for SSH logins).
$ gpg --card-status
Reader ...........: Alcor Micro AU9540 00 00
Application ID ...: D2760001240102010005000040DD0000
Application type .: OpenPGP
Version ..........: 2.1
Manufacturer .....: ZeitControl
[...]
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: 1CAC 8718 CAA0 C7B9 1EC0 E907 F1CA EE10 6CE6 97F8
created ....: 2022-01-19 08:31:51
> (I do not have libpam-sss installed - after I got this error I installed
> it to see if I could unlock myself, but it didn't do much and I purged
> it again).
At least after I installed libpam-sss, I got an error message asking me
to introduce another smartcard so we could indeed figure out that it was
related to the smartcard.
> My hunch is that I believe gdm-smartcard thinks it's supposed to kick
> into gear and authenticate my smartcard, but it isn't configured to do
> so (heck, it hasn't been told how to match my UPN/Email
> SAN/Subject/Serial to UID, nor an x.509 CA to use for user
> authentication). However, it kicking into gear has kicked me out of my
> ability to login :)
That's likely due to the fact that gdm-smartcard required dependencies
(at least libpam-sss) were missing. So yeah it seems like that
gdm-smartcard should have a better failure mode when its prerequisites are
missing.
Putting here the reportbug generated info for the computer where I
experienced the issue:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'unstable'),
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-4-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gdm3 depends on:
ii accountsservice 23.13.9-4
ii adduser 3.137
ii dbus [default-dbus-system-bus] 1.14.10-1
ii dbus-bin 1.14.10-1
ii dbus-daemon 1.14.10-1
ii dconf-cli 0.40.0-4
ii dconf-gsettings-backend 0.40.0-4
ii debconf [debconf-2.0] 1.5.82
ii gir1.2-gdm-1.0 45~beta-1
ii gnome-session [x-session-manager] 44.0-4
ii gnome-session-bin 44.0-4
ii gnome-session-common 44.0-4
ii gnome-settings-daemon 45~rc-1
ii gnome-shell 44.4-1
ii gnome-terminal [x-terminal-emulator] 3.49.99-1
ii gsettings-desktop-schemas 45~rc-1
ii libaccountsservice0 23.13.9-4
ii libaudit1 1:3.1.1-1
ii libc6 2.37-7
ii libcanberra-gtk3-0 0.30-10
ii libcanberra0 0.30-10
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii libgdm1 45~beta-1
ii libglib2.0-0 2.78.0-1
ii libglib2.0-bin 2.78.0-1
ii libgtk-3-0 3.24.38-5
ii libgudev-1.0-0 237-2
ii libkeyutils1 1.6.3-2
ii libpam-modules 1.5.2-7
ii libpam-runtime 1.5.2-7
ii libpam-systemd [logind] 254.1-3
ii libpam0g 1.5.2-7
ii librsvg2-common 2.54.7+dfsg-2
ii libselinux1 3.5-1
ii libsystemd0 254.1-3
ii libx11-6 2:1.8.6-1
ii libxau6 1:1.0.9-1
ii libxcb1 1.15-1
ii libxdmcp6 1:1.1.2-3
ii metacity [x-window-manager] 1:3.49.1-1
ii mutter [x-window-manager] 44.4-2
ii polkitd 123-1
ii procps 2:4.0.3-1
ii systemd-sysv 254.1-3
ii ucf 3.0043+nmu1
ii x11-common 1:7.7+23
ii x11-xserver-utils 7.7+9+b1
ii xterm [x-terminal-emulator] 384-1
Versions of packages gdm3 recommends:
ii at-spi2-core 2.49.91-2
ii desktop-base 12.0.6+nmu1
ii gnome-session [x-session-manager] 44.0-4
ii x11-xkb-utils 7.7+7
ii xserver-xephyr 2:21.1.8-1
ii xserver-xorg 1:7.7+23
ii zenity 3.44.2-1
Versions of packages gdm3 suggests:
pn libpam-fprintd <none>
ii libpam-gnome-keyring 42.1-1+b2
pn libpam-pkcs11 <none>
pn libpam-sss <none>
ii orca 44.1-2
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <hert...@debian.org>
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/
⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS
