Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1672780
Description of problem:
On an IPA Client with a Smart Card certificate mapping properly to two Active Directory users, I expected GDM Login prompt to ask for Smart Card pin then the username hint. It did not. It just prompts for password.

Other Smart Card authentication on the client works as expected:

    [root@rhel8-2 ~]# su - ipacertmultiuser1@ad.test -c "su - ipacertmultiuser1@ad.test -c whoami"
    PIN for ipauser1-01 (MyEID)
    ipacertmultiuser1@ad.test

    [root@rhel8-2 ~]# su - ipacertmultiuser2@ad.test -c "su - ipacertmultiuser2@ad.test -c whoami"
    PIN for ipauser1-01 (MyEID)
    ipacertmultiuser2@ad.test

Version-Release number of selected component (if applicable):

    # rpm -q sssd gdm authselect ipa-client
    sssd-2.0.0-38.el8.x86_64
    gdm-3.28.3-17.el8.x86_64
    authselect-1.0-11.el8.x86_64
    ipa-client-4.7.1-10.module+el8+2699+aa606a46.x86_64

How reproducible:
Unknown

Steps to Reproduce:
1. Setup IPA Server and Client to enable Smart Card authentication
2. Setup Trust with AD and add mapping for cert from card to two AD users
3. Insert card in reader

Actual results:
Prompted for password

Expected results:
Expect GDM Login screen to prompt for PIN of card and then the username hint.

Additional info:
In sssd_pam.log I see:

    (Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_forwarder_lookup_by_cert_done] (0x4000): Found [1] certificates and [2] related users.
    (Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_forwarder_lookup_by_cert_done] (0x0020): More than one user mapped to certificate.
    ...
    (Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [8]: Insufficient credentials to access authentication data.

Note that if I remove mapping for one of the users, I can login with PIN prompt. There is no username hint prompt in that case (as expected).
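A triage helper for the log pattern reported above, added here as an example and not taken from the ticket or from SSSD: it scans sssd_pam.log lines for a certificate lookup that returned more than one user and was followed by a failing pam_reply. The function name is hypothetical, the line layout is assumed to match the excerpt in the ticket, and the first two sample lines are constructed.

```python
import re

# Assumed SSSD debug layout: (timestamp) [process] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
COUNT_RE = re.compile(r"Found \[(\d+)\] certificates and \[(\d+)\] related users")
REPLY_RE = re.compile(r"pam_reply called with result \[(\d+)\]: (.*)")

# First two lines are constructed (single-user mapping, successful reply);
# the last three are the lines quoted in the ticket.
SAMPLE_LOG = """\
(Tue Feb 5 15:30:02 2019) [sssd[pam]] [pam_forwarder_lookup_by_cert_done] (0x4000): Found [1] certificates and [1] related users.
(Tue Feb 5 15:30:05 2019) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_forwarder_lookup_by_cert_done] (0x4000): Found [1] certificates and [2] related users.
(Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_forwarder_lookup_by_cert_done] (0x0020): More than one user mapped to certificate.
(Tue Feb 5 15:39:21 2019) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [8]: Insufficient credentials to access authentication data.
"""


def find_ambiguous_cert_failures(lines):
    """Return one finding per multi-user certificate lookup that ended in a failing pam_reply."""
    findings, pending = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # elided ("...") or non-debug lines
        if m["func"] == "pam_forwarder_lookup_by_cert_done":
            c = COUNT_RE.search(m["msg"])
            if c:
                users = int(c[2])
                # Only remember lookups where one certificate maps to several users.
                pending = {"ts": m["ts"], "certs": int(c[1]), "users": users} if users > 1 else None
        elif m["func"] == "pam_reply" and pending:
            r = REPLY_RE.search(m["msg"])
            if r and int(r[1]) != 0:
                findings.append({**pending, "pam_result": int(r[1]), "pam_message": r[2]})
            pending = None  # the reply closes this request either way
    return findings


if __name__ == "__main__":
    for f in find_ambiguous_cert_failures(SAMPLE_LOG.splitlines()):
        print(f)
```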
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1672780
https://github.com/SSSD/sssd/pull/746
Commit 3eb99a1 relates to this ticket
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue assigned to sbose - Issue set to the milestone: SSSD 2.1 - Issue tagged with: bug
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4927
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.