[RHEL-4085] backport smart card insertion fix

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-8.1.0
Component/s: gnome-settings-daemon
Labels:

Regression:
None
Severity:
None

Pool Team:

rhel-sst-display-desktop-foundation
Sub-System Group:

ssg_display

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 1796190

PX Impact Score:
PX Technical Impact:
PX Impact Range:
PX Priority Data:
PX Review Complete:
PX Scheduling Request:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
GDM does not automatically prompt for password when smart card inserted. After inserting smart card, you must key in the user name before it reads the smart card.

Version-Release number of selected component (if applicable):

Red Hat Enterprise Linux 8.1
sssd-common-pac-2.2.0-19.el8.x86_64
sssd-krb5-2.2.0-19.el8.x86_64
pcsc-lite-1.8.23-3.el8.x86_64
sssd-2.2.0-19.el8.x86_64
sssd-nfs-idmap-2.2.0-19.el8.x86_64
gdm-3.28.3-22.el8.x86_64
sssd-ldap-2.2.0-19.el8.x86_64
pcsc-lite-devel-1.8.23-3.el8.x86_64
pcsc-lite-libs-1.8.23-3.el8.x86_64
sssd-krb5-common-2.2.0-19.el8.x86_64
sssd-ipa-2.2.0-19.el8.x86_64
sssd-kcm-2.2.0-19.el8.x86_64
pcsc-lite-ccid-1.4.29-3.el8.x86_64
sssd-client-2.2.0-19.el8.x86_64
sssd-proxy-2.2.0-19.el8.x86_64
sssd-common-2.2.0-19.el8.x86_64
sssd-ad-2.2.0-19.el8.x86_64
python3-sssdconfig-2.2.0-19.el8.noarch

How reproducible:
Consistently.

Steps to Reproduce:
Unable to reproduce using CAC card on front-line due to lack resources. A backline engineer was able to reproduce mostly using Yubikey.

Actual results:
When smart-card is inserted, user must be manually chosen before prompt is given.

Expected results:
When smart-card is inserted, user is detected and password prompt is given.

Additional info:
cat /etc/authselect/dconf-db

Generated by authselect on Thu Nov 21 10:48:15 2019
Do not modify this file manually.

[org/gnome/login-screen]
enable-smartcard-authentication=true
enable-fingerprint-authentication=false
enable-password-authentication=false

smart card readers in use:
Bus 002 Device 023: ID 076b:3022 OmniKey AG CardMan 3021
Bus 002 Device 024: ID 08e6:3437 Gemalto (was Gemplus) GemPC Twin SmartCard Reader
Bus 002 Device 025: ID 1050:0406 Yubico.com Yubikey 4 U2F+CCID
Bus 002 Device 026: ID 04e6:5814 SCM Microsystems, Inc.
Bus 002 Device 027: ID 058f:9540 Alcor Micro Corp. AU9540 Smartcard Reader

/etc/pam.d/smartcard-auth:

auth required pam_env.so
auth sufficient pam_sss.so forward_pass allow_missing_name
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

external trackers

Gitlab redhat/centos-stream/rpms/gnome-settings-daemon/-/merge_requests/14

GNOME Gitlab GNOME/gnome-settings-daemon/-/issues/260

GNOME Gitlab GNOME/gnome-settings-daemon/-/merge_requests/208

GNOME Gitlab GNOME/gnome-settings-daemon/-/merge_requests/328

PnT-DevOps Jira RHELPLAN-33800

Red Hat Customer Portal 02529087

Red Hat Issue Tracker RHELPLAN-33800

(2 external trackers)

pm-rhel added a comment - 2023/09/15 4:52 PM

Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

pm-rhel added a comment - 2023/09/15 4:52 PM Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Michael Boisvert added a comment - 2023/08/07 10:54 PM

I am extending the ITM of this bug as far as possible in order to hopefully get customer testing. Otherwise, it will be verified as sanity only.

Michael Boisvert added a comment - 2023/08/07 10:54 PM I am extending the ITM of this bug as far as possible in order to hopefully get customer testing. Otherwise, it will be verified as sanity only.

Michael Boisvert added a comment - 2023/07/26 2:42 PM

Scott, could you please have the customer test: gnome-settings-daemon-3.32.0-20.el8.

https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2610998

Michael Boisvert added a comment - 2023/07/26 2:42 PM Scott, could you please have the customer test: gnome-settings-daemon-3.32.0-20.el8. https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2610998

Assignee:: Ray Strode

Reporter:: Brandon Clark

Developer:: Ray Strode

QA Contact:: Michael Boisvert

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 2023/09/15 4:51 PM

Updated:: 2025/02/18 7:39 AM

Stale Date:: 2026/03/15

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: pm-rhel added a comment - 2023/09/15 4:52 PM

Expand comment: pm-rhel added a comment - 2023/09/15 4:52 PM

Collapse comment: Michael Boisvert added a comment - 2023/08/07 10:54 PM

Expand comment: Michael Boisvert added a comment - 2023/08/07 10:54 PM

Collapse comment: Michael Boisvert added a comment - 2023/07/26 2:42 PM

Expand comment: Michael Boisvert added a comment - 2023/07/26 2:42 PM

People

Dates