This bug was fixed in the package gdm3 - 3.38.2.1-3ubuntu2
---------------
gdm3 (3.38.2.1-3ubuntu2) impish; urgency=medium
* Merge with debian
* debian/gdm3.gdm-smartcard-*: Keep using user_readenv=1 in pam_env.so
* Remaining changes with debian:
+ readme.debian: update for correct paths in ubuntu
+ control.in:
- don't recommend desktop-base
- build depend on libgudev-1.0-dev
- depend on bash for config_error_dialog.patch
- update vcs field
+ rules:
- don't override default user/group
- -dgdm-xsession=true to install upstream xsession script
- override dh_installinit with --no-start to avoid session being killed
+ rules, readme.debian, gdm3.8.pod:
use upstream custom.conf instead of daemon.conf
+ gdm3.{postinst,postrm}: rename user and group back to gdm
+ gdm3.*.pam: make pam_env read ~/.pam_environment, as we use in g-c-c
settings
+ gdm3.install:
- stop installing default.desktop. it adds unnecessary clutter
("system default") to the session chooser.
- don't install debian/xsession
+ add run_xsession.d.patch
+ add xresources_is_a_dir.patch
- fix loading from /etc/x11/xresources/*
+ add nvidia_prime.patch:
- add hook to run prime-offload (as root) and prime-switch if
nvidia-prime is installed
+ add revert_override_lang_with_accountservices.patch:
- on ubuntu accountservices only stores the language and not the
full locale as needed by lang.
+ add dont_set_language_env.patch:
- don't run the set_up_session_language() function, since it
overrides variable values set by ~/.pam_environment
+ add config_error_dialog.patch:
- show warning dialog in case of error in ~/.profile etc. and
don't let a syntax error make the login fail
+ add debian/patches/revert_nvidia_wayland_blacklist.patch:
- don't blacklist nvidia for wayland
+ add gdm3.service-wait-for-drm-device-before-trying-to-start-i.patch:
- wait for the first valid gdm device on pre-start
+ add debian/default.pa
- disable bluetooth audio devices in pulseaudio from gdm3.
+ debian/gdm3.install
- added details of the default.pa file
+ debian/gdm3.postinst
- added installation of default.pa and creation of dir if it doesn't
exist.
+ debian/greeter.dconf-defaults: don't set debian settings in the
greeter's dconf db
-- Marco Trevisan (Treviño) <[email protected]> Thu, 15 Apr 2021
18:14:18 +0100
** Changed in: gdm3 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1917362
Title:
PAM: smartcard owner isn't associated to user by default
Status in sssd:
Fix Released
Status in gdm3 package in Ubuntu:
Fix Released
Status in sssd package in Ubuntu:
Triaged
Status in gdm3 source package in Hirsute:
Fix Committed
Status in sssd source package in Hirsute:
Triaged
Bug description:
[ Impact ]
Smartcard user is not selected automatically when inserting a
smartcard
[ Test case ]
Insert a smartcard that has an user associated to it:
-> gdm is expected to select the user associated to it and start the
authentication
requesting the card PIN, without having to explicitly write the username.
[ Regression potential ]
PAM configuration for smartcard changed the order [1] we check the services,
so:
- if a /var/run/nologin the user will be denied for accessing the system only
after that the PIN has been inserted.
- root may be an allowed user, if associated to a smartcard (even though we
trust SSSD
PAM module and configuration explicitly disallows it).
[1] https://salsa.debian.org/gnome-
team/gdm/-/compare/90e71bd4...d32be2e5
---
There's a SSSD side of this fix (for the carts with multiple certificates)
that is part of 2.4.1 and should be handled by
https://github.com/SSSD/sssd/pull/5401/
(+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b)
GDM should instead handle empty users properly both in the PAM config
and sending the info back to gnome-shell.
To manage notifications about this bug go to:
https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
