Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-119713

RHEL 8 Backport SSSD [RFE] Continue searching other PKCS#11 tokens if certificates are not found

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • rhel-8.10.z
    • sssd
    • None
    • None
    • rhel-idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      See https://github.com/SSSD/sssd/issues/5905 for the original issue.

      RHEL 8 uses SSSD 2.9.4 which is impacted by the above bug. This is problematic in virtual desktop environments where smart cards can be passed indiscriminately (e.g. Windows Hello, see Amazon DCV) leaving GDM login broken because SSSD won't iterate past the first (usually incorrect) smart card certificate.

      The working patch (along with the RHEL 8.10 rpm build and spec) is available here: https://nextcloud.reeseapps.com/s/pZpbemzX57KF4yk

        1. p11child.patch
          26 kB
          Adrian Macintosh

              aboscatt@redhat.com Andre Boscatto
              ducoterra Adrian Macintosh
              SSSD Maintainers SSSD Maintainers
              SSSD QE SSSD QE
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: