Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-17495

New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider')

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.10
    • rhel-8.10
    • sssd
    • sssd-2.9.4-1.el8
    • None
    • None
    • rhel-sst-idm-sssd
    • ssg_idm
    • 20
    • 21
    • 0
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      I was trying to configure sssd to work with smart cards. The new way of specifying shadowutils works, however, it seems it's not backward compatible and we can not log in with "id_provider = files" anymore.

      How reproducible:

      Always

      Please provide the package NVR for which bug is seen:

      sssd-2.9.3-2.el8.x86_64

      Steps to reproduce

      I used the config. In there, there is the old configuration of sssd which doesn't seem to work:
      [sssd]

      debug_level = 9

      services = nss, pam, ssh, sudo

      domains = shadowutils

      certificate_verification = no_ocsp

      [nss]

      debug_level = 9

      [pam]

      debug_level = 9

      pam_cert_auth = True

      [domain/shadowutils]

      id_provider = files{}

      Expected results

      Smart card login should succeed. Su command and GUI should prompt for smart card pin and login if the pin is correct.

      Actual results

      Su command is asking for user password and GUI is prompting "Please (re)insert (different) Smartcard".

              sbose@redhat.com Sumit Bose
              rh-ee-gpantela George Pantelakis
              SSSD Maintainers SSSD Maintainers
              George Pantelakis George Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: