Issue #3512: pam_sss: add new option to check only if a local user is configured for smartcard authentication - sssd

SSSD / sssd

#3512 pam_sss: add new option to check only if a local user is configured for smartcard authentication

Closed: wontfix 4 years ago by pbrezina. Opened 6 years ago by pbrezina.

Current system-auth pam stack won't work to authenticate local users
via smartcards because pam_unix will be called first and it will ask
for passwor.

We should call pam_sss unconditionally and let SSSD do the work. New
pam_sss option is needed to tell SSSD to check only if a local user
is configured for smartcard authentication which would include also root.

Metadata Update from @pbrezina:
- Issue assigned to sbose

6 years ago

jhrozek commented 6 years ago

Since the smartcards-for-local users is something we will work on for F-28, I'm filing the ticket into SSSD 2.0 for the moment. That said, we can always bump the ticket to an earlier release if there is a PR..

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

6 years ago

Metadata Update from @jhrozek:
- Issue priority set to: critical
- Issue tagged with: RFE

6 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

4 years ago

Metadata Update from @thalman:
- Issue tagged with: Future milestone

4 years ago

Metadata Update from @pbrezina:
- Issue untagged with: Future milestone
- Issue tagged with: Canditate to close

4 years ago

pbrezina commented 4 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4538

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

sbose

Tags

Blocking

None

Depending on

None

Priority

critical

Milestone

SSSD 2.3

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3512 pam_sss: add new option to check only if a local user is configured for smartcard authentication Closed: wontfix 4 years ago by pbrezina. Opened 6 years ago by pbrezina.

Metadata

RFE Candidate to close

#3512 pam_sss: add new option to check only if a local user is configured for smartcard authentication

Closed: wontfix 4 years ago by pbrezina. Opened 6 years ago by pbrezina.