#3165 login using gdm calls for gdm-smartcard when smartcard authentication is not enabled
Closed: Fixed None Opened 3 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1371631

Description of problem:
gdm calls for gdm-smartcard when smartcard authentication is not enabled

Version-Release number of selected component (if applicable):
gdm-3.14.2-18.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install ipa-client and enable smartcard login using sssd by making the
following change in sssd.conf

[pam]
pam_cert_auth = True

2. Trust the signing certs associated with the smartcard under /etc/pki/nssdb

3. Login using smartcard

4. Screen locks due to inactivity

5. login attempt prompts for pin

Actual results:
Auth fails

Expected results:
Auth should be successful

Additional info:

Seeing the following in /var/log/secure

Aug 30 11:48:00 dhcp129-53 gdm-smartcard]: pam_pkcs11(gdm-smartcard:auth): no
valid certificate which meets all requirements found

/etc/dconf/db/distro.d/10-authconfig says enable-smartcard-authentication=false

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
patch: 0 => 1
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.2

Fields changed

owner: somebody => sbose

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.14.2

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4198

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata