Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1676385
Description of problem: I want to auto unlock the gnome keyring on login. If the 'login' keyring does not exist it should be created using the smartcard PIN provided by the user as password. This worked in RHEL7 with pam_pkcs11 but does not seem to work with pam_sss, i get the following error: gdm-smartcard][19194]: gkr-pam: no password is available for user It seems like pam_sss does not let other pam modules use the provided PIN even though 'forward_pass' is specified. /etc/pam.d/gdm-smartcard: auth substack smartcard-auth auth optional pam_gnome_keyring.so auth include postlogin account required pam_nologin.so account include smartcard-auth password include smartcard-auth session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so session required pam_selinux.so open session optional pam_keyinit.so force revoke session required pam_namespace.so session include smartcard-auth session optional pam_gnome_keyring.so auto_start session include postlogin Version-Release number of selected component (if applicable): sssd-2.0.0-21.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Add pam_gnome_keyring to /etc/pam.d/gdm-smartcard 2. Login using pam_sss and smartcard 3. Actual results: 'login' keyring is not created. Expected results: 'login' keyring should be created using my smartcard PIN as password Additional info:
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1676385
Metadata Update from @sbose: - Issue assigned to sbose
PR: https://github.com/SSSD/sssd/pull/869
Metadata Update from @sbose: - Custom field patch adjusted to on
Commit e989620 relates to this ticket
Master:
Metadata Update from @sbose: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5035
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.