On Thu, 12 Jun 2025 at 14:24:36 +0200, Raphael Hertzog wrote:
On Sat, 27 Jul 2024, Luca Boccassi wrote:
I can confirm this works (I too have a yubikey with a cert for
unrelated purposes).
So we should deploy this by default IMO. I have setup a new computer
today and I have again been bitten by this issue. Increasing severity
to attract more eyes and maybe trigger an upload.
As I said before, I'd prefer to have our expert on smart cards involved
in this, rather than second-guessing his design.
Marco: can we set
[org/gnome/login-screen]
enable-smartcard-authentication=false
by default in /etc/gdm3/greeter.dconf-defaults? That would be one more
thing that sysadmins have to adjust when they enrol smart cards for
authentication, but it seems preferable to having Yubikey/Nitrokey users
unable to log in by default.
Or do you have some other plan for this?
I'm setting a deadline for this: if I don't see objections within the
next week, I intend to upload that change to unstable.
smcv
