Hello, On Tue, 12 Sep 2023, Paul Tagliamonte wrote: > I upgraded my sid system, and post-upgrade gdm3 isn't showing my face > when I reboot, and entering my username causes it to loop back to > username entry again (no password prompt). After some help from smcv, I > narrowed down the issue to the interactions between my smartcard > development tools installed locally and gdm3.
In my case, I don't have any "smartcard development tools" (at least not on purpose), I just have a smartcard inserted with a single GPG key used for "authentication" (i.e. mainly for SSH logins). $ gpg --card-status Reader ...........: Alcor Micro AU9540 00 00 Application ID ...: D2760001240102010005000040DD0000 Application type .: OpenPGP Version ..........: 2.1 Manufacturer .....: ZeitControl [...] Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 32 32 32 PIN retry counter : 3 0 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: 1CAC 8718 CAA0 C7B9 1EC0 E907 F1CA EE10 6CE6 97F8 created ....: 2022-01-19 08:31:51 > (I do not have libpam-sss installed - after I got this error I installed > it to see if I could unlock myself, but it didn't do much and I purged > it again). At least after I installed libpam-sss, I got an error message asking me to introduce another smartcard so we could indeed figure out that it was related to the smartcard. > My hunch is that I believe gdm-smartcard thinks it's supposed to kick > into gear and authenticate my smartcard, but it isn't configured to do > so (heck, it hasn't been told how to match my UPN/Email > SAN/Subject/Serial to UID, nor an x.509 CA to use for user > authentication). However, it kicking into gear has kicked me out of my > ability to login :) That's likely due to the fact that gdm-smartcard required dependencies (at least libpam-sss) were missing. So yeah it seems like that gdm-smartcard should have a better failure mode when its prerequisites are missing. Putting here the reportbug generated info for the computer where I experienced the issue: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.4.0-4-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gdm3 depends on: ii accountsservice 23.13.9-4 ii adduser 3.137 ii dbus [default-dbus-system-bus] 1.14.10-1 ii dbus-bin 1.14.10-1 ii dbus-daemon 1.14.10-1 ii dconf-cli 0.40.0-4 ii dconf-gsettings-backend 0.40.0-4 ii debconf [debconf-2.0] 1.5.82 ii gir1.2-gdm-1.0 45~beta-1 ii gnome-session [x-session-manager] 44.0-4 ii gnome-session-bin 44.0-4 ii gnome-session-common 44.0-4 ii gnome-settings-daemon 45~rc-1 ii gnome-shell 44.4-1 ii gnome-terminal [x-terminal-emulator] 3.49.99-1 ii gsettings-desktop-schemas 45~rc-1 ii libaccountsservice0 23.13.9-4 ii libaudit1 1:3.1.1-1 ii libc6 2.37-7 ii libcanberra-gtk3-0 0.30-10 ii libcanberra0 0.30-10 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libgdm1 45~beta-1 ii libglib2.0-0 2.78.0-1 ii libglib2.0-bin 2.78.0-1 ii libgtk-3-0 3.24.38-5 ii libgudev-1.0-0 237-2 ii libkeyutils1 1.6.3-2 ii libpam-modules 1.5.2-7 ii libpam-runtime 1.5.2-7 ii libpam-systemd [logind] 254.1-3 ii libpam0g 1.5.2-7 ii librsvg2-common 2.54.7+dfsg-2 ii libselinux1 3.5-1 ii libsystemd0 254.1-3 ii libx11-6 2:1.8.6-1 ii libxau6 1:1.0.9-1 ii libxcb1 1.15-1 ii libxdmcp6 1:1.1.2-3 ii metacity [x-window-manager] 1:3.49.1-1 ii mutter [x-window-manager] 44.4-2 ii polkitd 123-1 ii procps 2:4.0.3-1 ii systemd-sysv 254.1-3 ii ucf 3.0043+nmu1 ii x11-common 1:7.7+23 ii x11-xserver-utils 7.7+9+b1 ii xterm [x-terminal-emulator] 384-1 Versions of packages gdm3 recommends: ii at-spi2-core 2.49.91-2 ii desktop-base 12.0.6+nmu1 ii gnome-session [x-session-manager] 44.0-4 ii x11-xkb-utils 7.7+7 ii xserver-xephyr 2:21.1.8-1 ii xserver-xorg 1:7.7+23 ii zenity 3.44.2-1 Versions of packages gdm3 suggests: pn libpam-fprintd <none> ii libpam-gnome-keyring 42.1-1+b2 pn libpam-pkcs11 <none> pn libpam-sss <none> ii orca 44.1-2 Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <hert...@debian.org> ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS