Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1503802
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
Smartcard authentication fails for IPA users if SSSD is offline and 'krb5_store_password_if_offline = True'

Steps to Reproduce:
1) Install as a new RHEL 7.4 Server install using Server with GUI
2) Install ipa-client and join the workstation to the domain by executing ipa-client-install
4) Remove pam_pkcs11
5) Install opensc
6) Enable SSSD authentication and smartcard authentication using "authconfig --enablesmartcard --smartcardmodule=sssd --enablesssd --enablesssdauth --updateall"
7) Verify that /etc/sssd/sssd.conf contains pam_cert_auth = true under [pam], and cache_credentials = true under the domain section
7) Restart sssd
8) Restart pcscd
9) Attempt to login to the domain account with username/password from the console, which should be successful
10) Log out
11) Attempt to login to the domain account with username/smartcard and no password from the console, which should be successful
12) Log out
13) Disconnect the network cable or remove connectivity to IPA server
14) Attempt to login to the domain account with username/smartcard and no password from the console. Will get prompted for a PIN, but then the login fails.
15) Attempt to login to the domain account with username/password from the console, which should be successful at this moment
16) Then reconnect the network cable
17) Now an attempt to login to the domain account with username/smartcard and no password from the console will be successful

Actual results:
The attempt in the 14th step fails.

Expected results:
The attempt in the 14th step should also be successful.
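A quick way to confirm that a host has the combination of settings named in the report (step 7 plus the option in the summary) before attempting the offline login. This is an added example, not part of the original ticket or SSSD's code; the function name, the sample file and its domain name are constructed, and it assumes a single sssd.conf without conf.d snippets and that absent options count as disabled.

```python
import configparser

# Constructed sample sssd.conf for illustration; the domain name is a placeholder.
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
domains = ipa.example.test

[pam]
pam_cert_auth = true

[domain/ipa.example.test]
id_provider = ipa
cache_credentials = true
krb5_store_password_if_offline = True
"""


def _enabled(section, key):
    # Assumption: an absent option is disabled; values compare case-insensitively
    # (the report itself writes both "true" and "True").
    return section.get(key, "false").strip().lower() == "true"


def matches_reported_setup(conf_text):
    """Map each domain to True when the file has the settings from the report:
    pam_cert_auth in [pam], and cache_credentials plus
    krb5_store_password_if_offline in that domain's section."""
    # interpolation=None so '%' in other option values is not misread.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    pam_cert = cp.has_section("pam") and _enabled(cp["pam"], "pam_cert_auth")
    result = {}
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        result[name[len("domain/"):]] = (
            pam_cert
            and _enabled(dom, "cache_credentials")
            and _enabled(dom, "krb5_store_password_if_offline")
        )
    return result


if __name__ == "__main__":
    for domain, hit in matches_reported_setup(SAMPLE_SSSD_CONF).items():
        print(domain, "matches reported setup" if hit else "does not match")
```
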
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1503802
Metadata Update from @sbose: - Issue assigned to sbose
Metadata Update from @sbose: - Custom field patch adjusted to on - Issue set to the milestone: None
https://github.com/SSSD/sssd/pull/435
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 - Issue tagged with: PR, bug
There is a PR and an associated bugzilla, but since we want to release the 1.16.1 tarball as soon as possible, I'm proposing that this ticket is moved to 1.16.2
Metadata Update from @jhrozek: - Issue tagged with: postpone-to-1-16-2
Metadata Update from @jhrozek: - Issue priority set to: major
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2 (was: SSSD 1.16.1)
Metadata Update from @jhrozek: - Issue untagged with: postpone-to-1-16-2
master:
sssd-1-14:
sssd-1-13:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.16.2) - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4588
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.