** Description changed:

+ [ Impact ]
+ 
+ Smartcard user is not selected automatically when inserting a smartcard
+ 
+ [ Test case ]
+ 
  Insert a smartcard that has an user associated to it:
-  -> gdm is expected to select the user associated to it and allow 
authentication
+  -> gdm is expected to select the user associated to it and start the 
authentication
+     requesting the card PIN, without having to explicitly write the username.
  
- SSSD side of fix is part of 2.4.1 and should be handled by 
https://github.com/SSSD/sssd/pull/5401/
-  (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b)
+ [ Regression potential ]
+ 
+ PAM configuration for smartcard changed the order [1] we check the services, 
so:
+ - if a /var/run/nologin the user will be denied for accessing the system only
+   after that the PIN has been inserted.
+ - root may be an allowed user, if associated to a smartcard (even though we 
trust SSSD
+   PAM module and configuration explicitly disallows it).
+ 
+ [1] https://salsa.debian.org/gnome-
+ team/gdm/-/compare/90e71bd4...d32be2e5
+ 
+ ---
+ 
+ There's a SSSD side of this fix (for the carts with multiple certificates) 
that is part of 2.4.1 and should be handled by 
https://github.com/SSSD/sssd/pull/5401/
+  (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b)
  
  GDM should instead handle empty users properly both in the PAM config
  and sending the info back to gnome-shell.
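
Review bot: The added [ Test case ] section exercises only the successful smartcard login, while the added [ Regression potential ] section names two behaviours affected by the reordered PAM services: the /var/run/nologin denial now happening only after the PIN has been entered, and root being an allowed user when a smartcard is associated to it. Consider adding a test step for each, so that verification of the update covers the cases the description itself flags as risky.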

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1917362

Title:
  PAM: smartcard owner isn't associated to user by default

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs