#3512 pam_sss: add new option to check only if a local user is configured for smartcard authentication
Opened 2 years ago by pbrezina. Modified 3 months ago

Current system-auth pam stack won't work to authenticate local users
via smartcards because pam_unix will be called first and it will ask
for passwor.

We should call pam_sss unconditionally and let SSSD do the work. New
pam_sss option is needed to tell SSSD to check only if a local user
is configured for smartcard authentication which would include also root.


Metadata Update from @pbrezina:
- Issue assigned to sbose

2 years ago

Since the smartcards-for-local users is something we will work on for F-28, I'm filing the ticket into SSSD 2.0 for the moment. That said, we can always bump the ticket to an earlier release if there is a PR..

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

2 years ago

Metadata Update from @jhrozek:
- Issue priority set to: critical
- Issue tagged with: RFE

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

a year ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

7 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

3 months ago

Login to comment on this ticket.

Metadata