[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
** Also affects: sssd (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: gdm3 (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: gdm3 (Ubuntu Focal) Status: New => In Progress ** Changed in: sssd (Ubuntu Focal) Status: New => In Progress ** Changed in: sssd (Ubuntu Focal) Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0) ** Changed in: sssd (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: gdm3 (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: gdm3 (Ubuntu Focal) Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Released Status in sssd package in Ubuntu: Fix Released Status in gdm3 source package in Focal: In Progress Status in sssd source package in Focal: In Progress Status in gdm3 source package in Hirsute: Won't Fix Status in sssd source package in Hirsute: Won't Fix Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
The Hirsute Hippo has reached End of Life, so this bug will not be fixed for that release. ** Changed in: gdm3 (Ubuntu Hirsute) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Released Status in sssd package in Ubuntu: Fix Released Status in gdm3 source package in Hirsute: Won't Fix Status in sssd source package in Hirsute: Won't Fix Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
The Hirsute Hippo has reached End of Life, so this bug will not be fixed for that release. ** Changed in: sssd (Ubuntu Hirsute) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Released Status in sssd package in Ubuntu: Fix Released Status in gdm3 source package in Hirsute: Won't Fix Status in sssd source package in Hirsute: Won't Fix Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
** Changed in: sssd (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Released Status in sssd package in Ubuntu: Fix Released Status in gdm3 source package in Hirsute: Fix Committed Status in sssd source package in Hirsute: Triaged Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
This bug was fixed in the package gdm3 - 3.38.2.1-3ubuntu2 --- gdm3 (3.38.2.1-3ubuntu2) impish; urgency=medium * Merge with debian * debian/gdm3.gdm-smartcard-*: Keep using user_readenv=1 in pam_env.so * Remaining changes with debian: + readme.debian: update for correct paths in ubuntu + control.in: - don't recommend desktop-base - build depend on libgudev-1.0-dev - depend on bash for config_error_dialog.patch - update vcs field + rules: - don't override default user/group - -dgdm-xsession=true to install upstream xsession script - override dh_installinit with --no-start to avoid session being killed + rules, readme.debian, gdm3.8.pod: use upstream custom.conf instead of daemon.conf + gdm3.{postinst,postrm}: rename user and group back to gdm + gdm3.*.pam: make pam_env read ~/.pam_environment, as we use in g-c-c settings + gdm3.install: - stop installing default.desktop. it adds unnecessary clutter ("system default") to the session chooser. - don't install debian/xsession + add run_xsession.d.patch + add xresources_is_a_dir.patch - fix loading from /etc/x11/xresources/* + add nvidia_prime.patch: - add hook to run prime-offload (as root) and prime-switch if nvidia-prime is installed + add revert_override_lang_with_accountservices.patch: - on ubuntu accountservices only stores the language and not the full locale as needed by lang. + add dont_set_language_env.patch: - don't run the set_up_session_language() function, since it overrides variable values set by ~/.pam_environment + add config_error_dialog.patch: - show warning dialog in case of error in ~/.profile etc. and don't let a syntax error make the login fail + add debian/patches/revert_nvidia_wayland_blacklist.patch: - don't blacklist nvidia for wayland + add gdm3.service-wait-for-drm-device-before-trying-to-start-i.patch: - wait for the first valid gdm device on pre-start + add debian/default.pa - disable bluetooth audio devices in pulseaudio from gdm3. + debian/gdm3.install - added details of the default.pa file + debian/gdm3.postinst - added installation of default.pa and creation of dir if it doesn't exist. + debian/greeter.dconf-defaults: don't set debian settings in the greeter's dconf db -- Marco Trevisan (Treviño) Thu, 15 Apr 2021 18:14:18 +0100 ** Changed in: gdm3 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Released Status in sssd package in Ubuntu: Triaged Status in gdm3 source package in Hirsute: Fix Committed Status in sssd source package in Hirsute: Triaged Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1917362] Re: PAM: smartcard owner isn't associated to user by default
Ok, fix has been reuploaded to impish, with https://launchpad.net/ubuntu/+source/gdm3/3.38.2.1-3ubuntu2 ** Changed in: gdm3 (Ubuntu) Status: Incomplete => Fix Committed ** Also affects: sssd (Ubuntu Hirsute) Importance: Undecided Status: New ** Also affects: gdm3 (Ubuntu Hirsute) Importance: Undecided Status: New ** Changed in: gdm3 (Ubuntu Hirsute) Importance: Undecided => Medium ** Changed in: gdm3 (Ubuntu Hirsute) Status: New => Fix Committed ** Changed in: gdm3 (Ubuntu Hirsute) Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0) ** Changed in: sssd (Ubuntu Hirsute) Importance: Undecided => Medium ** Changed in: sssd (Ubuntu Hirsute) Status: New => Triaged ** Changed in: sssd (Ubuntu Hirsute) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1917362 Title: PAM: smartcard owner isn't associated to user by default Status in sssd: Fix Released Status in gdm3 package in Ubuntu: Fix Committed Status in sssd package in Ubuntu: Triaged Status in gdm3 source package in Hirsute: Fix Committed Status in sssd source package in Hirsute: Triaged Bug description: [ Impact ] Smartcard user is not selected automatically when inserting a smartcard [ Test case ] Insert a smartcard that has an user associated to it: -> gdm is expected to select the user associated to it and start the authentication requesting the card PIN, without having to explicitly write the username. [ Regression potential ] PAM configuration for smartcard changed the order [1] we check the services, so: - if a /var/run/nologin the user will be denied for accessing the system only after that the PIN has been inserted. - root may be an allowed user, if associated to a smartcard (even though we trust SSSD PAM module and configuration explicitly disallows it). [1] https://salsa.debian.org/gnome- team/gdm/-/compare/90e71bd4...d32be2e5 --- There's a SSSD side of this fix (for the carts with multiple certificates) that is part of 2.4.1 and should be handled by https://github.com/SSSD/sssd/pull/5401/ (+ commit https://github.com/SSSD/sssd/commit/4ea1739d09b) GDM should instead handle empty users properly both in the PAM config and sending the info back to gnome-shell. To manage notifications about this bug go to: https://bugs.launchpad.net/sssd/+bug/1917362/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp