#2926 Make list of local PAM services allowed for Smartcard authentication configurable
Closed: Fixed 5 years ago Opened 8 years ago by sbose.

Currently the list of PAM services where Smartcard authentication is considered is hardcoded. It should be maked configurable at compile and run-time


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Lukas agreed on sssd-devel that he would like to work on this ticket, reassigning.

owner: sbose => lslebodn

resolution: => fixed
status: new => closed

Ugh, sorry, wrong ticket :-(

resolution: fixed =>
status: closed => reopened

Fields changed

patch: 0 => 1

Need to release the Alpha tarball today.

milestone: SSSD 1.14 alpha => SSSD 1.14 beta

Need to release the Beta tarball today.

milestone: SSSD 1.14 beta => SSSD 1.14.0

Downstream BZ -> increase in priority.

priority: major => critical

1.14.0 is about to be released.

milestone: SSSD 1.14.0 => SSSD 1.14.1

Fields changed

milestone: SSSD 1.14.1 => SSSD 1.14.2

It's not clear to me if this ticket needs to stay in 1.14 or can be fixed in 1.15 or even later. Moving to triage.

milestone: SSSD 1.14.2 => NEEDS_TRIAGE

Can you please elaborate what does it mean it is hardcoded? What is the current user experience? In which cases user is expected to use his SC and in which cases not?

I only had a few comments about the latest patch on the list, so it might be possible to still add it to 1.14.

Dmitri, the current hardcoded list include "login", "su", "su-l", "gdm-smartcard", "gdm-password", "kdm", "sudo", "sudo-i" and "gnome-screensaver" which are the services on Fedora and RHEL where we think it makes sense to allow Smartcard authentication. Making this list configurable will allow other distributions to use different names for some of the PAM services and make it easier to support now services like e.g. other window managers.

FWIW, I'm absolutely not opposed to us pushing the patch when it's finished. The only thing I disliked was seeing 30+ open tickets in the 1.14 milestone when we're already planning the 1.15 one. I just didn't want us to lose focus and forget about tickets.

OK, moving back to 1.14, because the patch is close to being done and it might benefit other distributions, in particular Ubuntu that uses a different login manager than GDM by default.

milestone: NEEDS_TRIAGE => SSSD 1.14.2

Moving tickets that didn't make it into the 1.14.2 release into the next point release.

milestone: SSSD 1.14.2 => SSSD 1.14.3

Metadata Update from @sbose:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.14.3

7 years ago

Metadata Update from @fidencio:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch adjusted to on (was: 1)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None

5 years ago

Metadata Update from @fidencio:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD 2.0 (was: SSSD 1.14.3)

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3967

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata