Sorry, I missed the previous comments.
> Do I read the gnome-settings-daemon patches correctly, and this
actually just entirely drops support for auth via NSS? So the regression
potential is that if someone has set up auth via a custom system nss
database, this *will* break login for them?
Well,
What's the status here? Questions are still unanswered after four
months.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated
gdm3 looks good to me, but I haven't accepted it yet as it depends on
the gnome-settings-daemon patches and I think it's best to resolve those
questions before accepting gdm3 into -proposed.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is
> Smartcard authentication using custom methods using via a custom
configured system nss database may not work anymore.
Do I read the gnome-settings-daemon patches correctly, and this actually
just entirely drops support for auth via NSS? So the regression
potential is that if someone has set up
** Description changed:
[ Impact ]
the pam profile for gdm-smartcard is missing. gdm refuses to login with
a smartcard. Looking at ubuntu/+source/gdm3, other pam files are
pregenerated into debian/ and installed from there; gdm-smartcard is
left out.
[ Test case ]
1. When
Andreas:
- I've now added SSSD to the bug
- I had not uploaded the remaining bits yet as I was waiting for SSSD to hit
the queue first
- GNOME settings daemon is also uploaded now to the queue
- GDM will be uploaded soon by Jeremy
The bug has now been updated to have a proper SRU template,
** Description changed:
+ [ Impact ]
+
the pam profile for gdm-smartcard is missing. gdm refuses to login with
a smartcard. Looking at ubuntu/+source/gdm3, other pam files are
pregenerated into debian/ and installed from there; gdm-smartcard is
left out.
- ProblemType: Bug
-
Also, this but is missing the SRU template, in case the sssd upload I
mentioned in my previous comment is really addressing this bug.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
There is an sssd package in focal-unapproved that points at this bug,
with this d/changelog snippet:
* debian/patches: Backport patches atches to support properly GDM smartcard
login (LP: #1865226)
(sic)
But there is no sssd task in this bug.
I also don't see a gdm3 upload to focal
** Changed in: gnome-settings-daemon
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for
** Changed in: gdm3 (Ubuntu Focal)
Status: Confirmed => In Progress
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
** Merge proposal linked:
https://code.launchpad.net/~3v1n0/ubuntu/+source/sssd/+git/sssd/+merge/436361
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard
** Changed in: gnome-settings-daemon
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for
** Tags added: dt-194
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu and installed
To manage notifications
Any idea when Focal will be completed ?
Regards,
Eric
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu and
** No longer affects: gdm3 (Ubuntu Bionic)
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-settings-daemon in Ubuntu.
This bug was fixed in the package gdm3 - 3.38.2.1-2ubuntu1
---
gdm3 (3.38.2.1-2ubuntu1) hirsute; urgency=medium
* Merge with debian, containing new upstream version
* debian/control: Don't Recommend pam fprintd module, as we seed it
* debian/patches: Refresh
*
** Changed in: gdm3 (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu
This bug was fixed in the package gnome-settings-daemon -
3.38.1-3ubuntu3
---
gnome-settings-daemon (3.38.1-3ubuntu3) hirsute; urgency=medium
* debian/patches: Support smartcard reders via p11kit API (LP: #1865226)
* debian/control: Build depend on libgck-1-dev and remove nss
** Merge proposal linked:
https://code.launchpad.net/~3v1n0/ubuntu-seeds/+git/ubuntu-seeds/+merge/398722
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
** Changed in: gdm3 (Ubuntu Groovy)
Status: Confirmed => In Progress
** No longer affects: gdm3 (Ubuntu Groovy)
** No longer affects: gnome-settings-daemon (Ubuntu Groovy)
** Changed in: gdm3 (Ubuntu)
Status: Confirmed => In Progress
** Changed in: gnome-settings-daemon (Ubuntu)
** Changed in: gdm3 (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu and
** No longer affects: pam (Ubuntu)
** No longer affects: pam (Ubuntu Bionic)
** No longer affects: pam (Ubuntu Focal)
** No longer affects: pam (Ubuntu Groovy)
** Also affects: gdm3 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953557
Importance: Unknown
Status:
Though I do understand it is a bit annoying that smartcard login on
bionic doesn't work, it worries me that fixing this would involve a lot
of backporting. This isn't a regression and bionic has been like this
from day 0, right? Do we have an understanding on how wanted this is on
bionic?
I'm not
(I have ping sil2100 internally for him to provide his 2 cents on this
bug.)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be
Lukasz (sil2100) can we have your SRU team input on this bug with regard
to Bionic/18.04lTS ?
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config
While Bionic could be maybe supported, that would likely require newer
SSSD.
Maybe in such case a pam_pkcs11 based solution could be provided, but
it's quite a lot of backporting work which would need SRU team to agree
with.
--
You received this bug notification because you are a member of
** Changed in: gnome-settings-daemon (Ubuntu Focal)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
** Changed in: gnome-settings-daemon (Ubuntu Groovy)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
--
You received this bug notification because you are a member
The solution is going to require sssd which started being used in focal,
we are not going to do official updates to bionic
** Changed in: gdm3 (Ubuntu Bionic)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is
** Changed in: gdm3 (Ubuntu Bionic)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam
g-s-d p11-kit backend ready at https://gitlab.gnome.org/GNOME/gnome-
settings-daemon/-/merge_requests/208
** Also affects: gnome-settings-daemon (Ubuntu)
Importance: Undecided
Status: New
** Changed in: gnome-settings-daemon (Ubuntu)
Importance: Undecided => Medium
** Changed in:
** Changed in: gdm3 (Ubuntu Focal)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam
I unfortunately don't have a smartcard device handy to test/debug/
but if I compare with RHEL which is known to be working...
Redhat has the following configuration "gdm-smarcard" which includes
"smartcard-auth", a symlink pointing to "smartcard-auth-local"
I think we should 'mimic' this (at
Right, as pointed out in previous comments the configuration as it is
today isn't workin on Debian/Ubuntu systems, the first step would be to
have someone understand those pam details working out those parts
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs,
# git clone https://gitlab.gnome.org/GNOME/gdm.git
# find . -name "gdm-smartcard*"
./data/pam-arch/gdm-smartcard.pam
./data/pam-redhat/gdm-smartcard.pam
./data/pam-exherbo/gdm-smartcard.pam
./data/pam-lfs/gdm-smartcard.pam
It seems like Ubuntu/Debian will have to start by having a 'compatible'
** Changed in: pam (Ubuntu Bionic)
Status: New => Invalid
** Changed in: pam (Ubuntu Focal)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
** Changed in: gdm3 (Ubuntu Groovy)
Importance: Medium => High
** Also affects: pam (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: gdm3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Bionic)
Importance: Undecided
** Changed in: gdm3 (Ubuntu Groovy)
Importance: Low => Medium
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu
It has been brought to my attention by a UA customer that they are
suffering from which seems a similar situation:
"
Our only currently working SmartCard access from Linux, over SSSD, to AD, is on
RHEL7.
I was able to get SSH access on Ubuntu 20.04LTS, after adding
"ad_gpo_access_control =
** Also affects: pam (Ubuntu Groovy)
Importance: Undecided
Status: Invalid
** Also affects: gdm3 (Ubuntu Groovy)
Importance: Low
Assignee: Marco Trevisan (Treviño) (3v1n0)
Status: Confirmed
** Tags removed: rls-gg-incoming
--
You received this bug notification because
** Changed in: gdm3 (Ubuntu)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config
** Changed in: pam (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam config needs to be updated for Ubuntu and
Dimitri, why is a bug task opened on pam? The description doesn't point
to this being a pam bug.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1865226
Title:
gdm-smartcard pam
43 matches
Mail list logo
